A new Android malware has recently been discovered to spread itself through WhatsApp messages by replying to contacts bearing a destructive URL. The reply messages appear to be an adware campaign.
Android users are warned about the newly discovered Android malware that could spread automatically by itself. The malware will automatically reply to the victims WhatsApp messages bearing a link to a malicious Huawei Mobile app. Be warned to protect oneself against all threads.
Malicious Huawei Mobile App
Lukas Stefanko, an ESET security researcher who examined the malware’s mechanisms, said that this Android malware spreads itself by automatically replying to the WhatsApp messages that come. The automatic reply bears a link to the fake and malicious Huawei Mobile App.
This Android malware spreads itself through WhatsApp links that connect victims to a convincing website that resembles the Play Store of Google, and requests to install the fake Huawei Mobile app into the user’s phone.
What can this Android malware do?
Once users install the fake Huawei Mobile App, it will immediately prompt users to grant permission to access notification, which is then used to carry out the spread of the malware. In particular, the app uses WhatsApp’s quick reply feature which is used to automatically reply to incoming messages directly from the notifications. For instance, one cannot reply to messages due to an important meeting. This feature can be set up in WhatsApp so that notification will automatically reply bearing the intended user’s message to any WhatsApp message received. And this is what the malware will manipulate to spread itself.
Be wary of granting permission
Aside from the permission request to read notifications, the malware also requests intrusive access so that it can run in the background to draw over other apps. It would mean that the app can overlay other applications running on the device. Giving access to steal sensitive information and important data.
Stefanko also examined the malware to demonstrate that it secretly sends messages with the destructive URL to just one contact each hour. However, the reply content and the link included are from a remote server such that there is the possibility that malicious websites and apps could use the malware. In order for users not to be suspicious, it appears as an offer to buy the application and continue to do that until detected and removed. Stefanko admits that he hasn’t come across such an Android malware capable of spreading itself through WhatsApp messages.
Currently, this malware is capable of automatically relying only on WhatsApp contacts but with updates coming it can potentially penetrate other messaging apps that will support Android’s quick reply functionality.
Users are also asked to dismiss battery optimization, which if activated, would mean that the system cannot kill the app if spare methods are desired. This development highlights the need to avoid downloading apps from untrusted sources. It is wise to find out whether the app is truly built by a reliable developer and better to scrutinize app permissions before the installation.