Android WhatsApp Worm?
— Lukas Stefanko (@LukasStefanko) January 21, 2021
Malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to malicious Huawei Mobile app.
Message is sent only once per hour to the same contact.
It looks to be adware or subscription scam. https://t.co/NYbh2A9Y6M pic.twitter.com/2tFgLyG94O
The malware was first reported by Twitter user @ReBensk who claims that its main purpose is to generate fraudulent advertising revenue for its operators. Stefanko further added that the malware spreads via the victim’s WhatsApp, automatically replying to any WhatsApp message notification with a link to a fake and malicious Huawei Mobile app.
While the Huawei app looks authentic, it isn’t available on the Google Play Store. The malware prompts users to download and install the app from the web, thus avoiding the security precaution on Android devices. After the installation is complete, the Huawei Mobile app requests users to enable a variety of functions and permissions, including notifications, ability to draw over other apps, and ignore battery optimisation.
“The worm spreads via messages to WhatsApp contacts only when the last received message by the victim was sent more than an hour ago,” said Stefanko. He believes that this is done so as to raise suspicion among the victim’s contacts since receiving a link as a response to every message might cause alarm. While the WhatsApp malware is currently being used as an adware or subscription scam campaign, it’s said to have the ability to distribute banking trojans, ransomware, or spyware.
The worm spreads via messages to WhatsApp contacts only when the last received message by the victim was sent more than an hour ago.
“This is a malicious app that tricks people into downloading it and sending phishing messages through permissions granted by the Android operating system. We are reporting this to the domain provider that the phishing service is using to take action and to protect against this abuse,” a WhatsApp spokesperson was quoted as saying MailOnline.
You should avoid clicking on such malicious links and only download Google Play Protect apps from the Play Store to make sure the app is safe to use.