Wormable Android malware is spreading through WhatsApp

The new strain poses as a Huawei app which users are tricked into downloading from a fake Google Play Store link

Android users are being warned against a wormable strain of malware that spreads itself by automatically replying to victims' WhatsApp messages with a malicious link.

The link this Android malware spreads through WhatsApp connects its victims with a convincing web page resembling Google’s Play Store, and a request to install a fake ‘Huawei Mobile’ app onto a user’s device.

This is according to ESET security researcher Lukas Stefanko, who published a short analysis of the malware’s mechanisms.

Should users install and activate the malicious app, it’ll immediately ask for various permissions to perform its key functions, including access to contacts and permission to draw over other apps. This latter feature means it can run in the background while other apps are in use on the victim’s device. 

Users are also presented with a request to ignore battery optimisation, which if activated, means the app cannot be killed by the system if spare resources are needed.

Finally, the malicious app demands access to notifications, specifically WhatsApp notifications, so it can scan for incoming messages and distribute further among contacts.

Once all the permissions are guaranteed and the malicious app is set up, it runs in the background and waits for instructions from the command and control server, as well as incoming WhatsApp messages so it can spread. 

When messages are received through WhatsApp, the malware scans for these and automatically sends a reply on the user’s behalf which includes the malicious link. This is accompanied with a message asking the contact to visit the fabricated Play Store page and download the fake Huawei app.

Stefano also examined the malware to show that it surreptitiously only messages the malicious link to one contact once per hour. This is in order for the app not to arouse suspicions and remain in operation for as long as possible before detection and removal.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021