The malware takes advantage of WhatsApp’s auto-reply feature to spread itself.
Is the family WhatsApp group chat home to every shady link found on the internet? Yes, it is a key channel through which malware spreads, and the latest news proves just that.
As reported by researchers ReBensk and Lukas Stefanko, a new piece of malware spreads through WhatsApp by auto-replying to any message conversation with a malicious link that leads to a fake Huawei app.
If the recipient falls for it and opens the link, they will see a Google Play Store lookalike website where they can download the app. In reality, the website is fake and the same goes for the app.
Once the app is downloaded and installed, the victim is asked for access to read and send notifications. If the user allows it, the fake app requests further permissions, such as running in the background and permission to “draw over other apps”, which allows it to show on top of another app whenever it wants.
This can help threat actors bombard the device with unwanted ads, subscribe users to services without their permission, steal user credentials and generally spy on what the user is doing.
On the other hand, according to the researcher, the message content distributed through WhatsApp is not static: it is received from the attacker’s server every hour, which means that they could simply change the link if their current fake Play Store page is taken offline.
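
For defenders reviewing a sideloaded app, the permission chain described above (notification access, then background execution and “draw over other apps”) can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from the researchers or the original article; the mapping of the described behaviours to specific Android permission names is an assumption, and both manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the behaviours described in the article to Android
# manifest markers; the article does not name the exact permissions.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BACKGROUND = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample manifests (decoded XML), not taken from the real sample.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakevendorapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return (package, findings, flagged) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    guarded = {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    findings = []
    if NOTIF_LISTENER in guarded:
        findings.append("notification listener service (read/reply to notifications)")
    if OVERLAY in requested:
        findings.append("draw over other apps")
    if BACKGROUND in requested:
        findings.append("background execution exemption")
    # Flag only the combination: notification access plus at least one of the others.
    flagged = NOTIF_LISTENER in guarded and len(findings) >= 2
    return root.get("package"), findings, flagged


if __name__ == "__main__":
    for sample in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(sample))
```

Each of these permissions has legitimate uses on its own, so the check flags only the combination and is meant as a triage signal for apps installed from outside the official store.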