A new piece of malware is spreading through WhatsApp by automatically replying to received messages with a link to a malicious Huawei Mobile app.

According to Lukas Stefanko, an ESET researcher who discovered the Android malware, it propagates itself via WhatsApp messages to the victim's other contacts with the goal of expanding an adware campaign. The malware leverages WhatsApp's quick reply feature, which lets users respond to incoming messages directly from the notification, to automatically send a reply to each received message.

It automatically replies to received messages with a link to a malicious Huawei Mobile app; clicking the link redirects users to a fake Google Play Store.

How the Android Malware Spreads via WhatsApp

Once installed on a victim's device, the malware app prompts the victim to grant it notification access, which it then abuses to carry out the automatic wormable attack.

It also requests other intrusive permissions in order to run in the background and draw over other apps, which means that the malware app can overlay other apps running on the device with its own window to steal credentials and additional sensitive data.
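
An added example, not taken from the ESET research or the original post: a defender-side triage that flags apps holding the permission mix described above (notification access plus draw over other apps) and checks whether they were installed from Google Play. The sample adb output and all package names are constructed.

```python
PLAY_STORE = "com.android.vending"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
# Constructed sample data; all package names are hypothetical.
# As printed by: adb shell settings get secure enabled_notification_listeners
SAMPLE_LISTENERS = "com.example.fakehuawei/.NotifSvc:com.example.wearsync/.Listener"
# As printed by: adb shell pm list packages -i
SAMPLE_INSTALLERS = """\
package:com.example.fakehuawei  installer=null
package:com.example.wearsync  installer=com.android.vending
package:com.example.floatchat  installer=com.android.vending
"""
# Requested permissions, e.g. collected from: adb shell dumpsys package <pkg>
SAMPLE_PERMS = {
    "com.example.fakehuawei": {OVERLAY, "android.permission.INTERNET"},
    "com.example.wearsync": {"android.permission.BLUETOOTH"},
    "com.example.floatchat": {OVERLAY},
}

def parse_listeners(text):
    """Return package names with notification access ('null' means none set)."""
    entries = text.strip().split(":")
    return {e.partition("/")[0] for e in entries if e and e != "null"}

def parse_installers(text):
    """Map package -> installer package (None when no installer is recorded)."""
    result = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].startswith("package:"):
            installer = parts[1].partition("=")[2]
            result[parts[0][len("package:"):]] = None if installer == "null" else installer
    return result

def triage(listeners, installers, perms):
    """Flag notification listeners that can also overlay or came from outside Play."""
    findings = []
    for pkg in sorted(listeners):
        reasons = ["notification access"]
        if OVERLAY in perms.get(pkg, ()):
            reasons.append("draw over other apps")
        if installers.get(pkg) != PLAY_STORE:
            reasons.append("not installed from Google Play")
        if len(reasons) > 1:  # notification access alone is common and not reported
            findings.append((pkg, reasons))
    return sorted(findings, key=lambda f: -len(f[1]))  # most signals first

if __name__ == "__main__":
    args = parse_listeners(SAMPLE_LISTENERS), parse_installers(SAMPLE_INSTALLERS)
    print(*triage(*args, SAMPLE_PERMS), sep="\n")
```

On a real device, preinstalled system packages also report `installer=null`, so exclude them (for example using `pm list packages -s`) before reviewing the findings.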

The malware is fully capable of sending automatic replies to WhatsApp contacts, though the feature could potentially be extended in a future update to include other messaging apps that support the quick reply functionality.

The exact mechanism it uses to reach its initial set of directly infected victims is not yet clear, but wormable malware can potentially spread from one device to several others in an incredibly short time.

This new malware once again underscores the importance of sticking to trusted sources like the Google Play Store for downloading apps, and of carefully scrutinizing every app's permissions before installation.
