Android users are being warned against a wormable strain of malware that spreads itself by automatically replying to victims' WhatsApp messages with a malicious link.
The link this Android malware spreads through WhatsApp connects its victims with a convincing web page resembling Google’s Play Store, and a request to install a fake ‘Huawei Mobile’ app onto a user’s device.
This is according to ESET security researcher Lukas Stefanko, who published a short analysis of the malware’s mechanisms.
Should users install and activate the malicious app, it’ll immediately ask for various permissions to perform its key functions, including access to contacts and permission to draw over other apps. This latter feature means it can run in the background while other apps are in use on the victim’s device.
Users are also presented with a request to ignore battery optimisation, which if activated, means the app cannot be killed by the system if spare resources are needed.
Finally, the malicious app demands access to notifications, specifically WhatsApp notifications, so it can scan for incoming messages and distribute further among contacts.
Once all the permissions are guaranteed and the malicious app is set up, it runs in the background and waits for instructions from the command and control server, as well as incoming WhatsApp messages so it can spread.
When messages are received through WhatsApp, the malware scans for these and automatically sends a reply on the user’s behalf which includes the malicious link. This is accompanied with a message asking the contact to visit the fabricated Play Store page and download the fake Huawei app.
Stefano also examined the malware to show that it surreptitiously only messages the malicious link to one contact once per hour. This is in order for the app not to arouse suspicions and remain in operation for as long as possible before detection and removal.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
APIs: Understanding the business benefits and riskswhitepaper What you need to know about potential data exposure from APIs
-
Apple patches actively exploited iPhone, iPad zero-day and 18 other security flawsNews The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code execution
-
Qualcomm and Mediatek flaws left millions of Android users at riskNews An open source audio codec used by chipset firms is believed to have put two-thirds of Android users' private calls and files at risk
-
Businesses on alert as mobile malware surges 500%News Researchers say hackers are deploying new tactics that put Android and iOS at equal risk
-
Apple fixes array of iOS, macOS zero-days and code execution security flawsNews The first wave of security updates for Apple products in 2022 follows a year in which a wide variety of security flaws plagued its portfolio of devices
-
Trend Micro Worry-Free Business Security review: Great cloud-managed malware protectionReviews A reassuringly simple endpoint-protection solution – although mobile support is basic
-
Over 300,000 Android users downloaded banking trojan malwareNews Hackers defeated Google Play restrictions by using smaller droppers in apps and eliminating permissions needed
-
Flaw in Android phones could let attackers eavesdrop on callsNews The vulnerable chips are thought to be present in 37% of all smartphones worldwide
