The malware takes advantage of WhatsApp’s auto-reply feature to spread itself.
WhatsApp family group chats are home to every shady link found on the internet? Yes, they are a key channel through which malware spreads, and the latest news proves just that.
As reported by researchers ReBensk and Lukas Stefanko, a new malware spreads through WhatsApp by auto-replying in any conversation with a malicious link that leads to a fake Huawei app.
If the recipient falls for it and opens the link, they will see a Google Play Store lookalike website where they can download the app. In reality, the website is fake and the same goes for the app.
Once downloaded and installed, the victim is asked for access to read and send notifications. If the user allows it, the fake app requests further permissions, such as running itself in the background and permission to “draw over other apps”, which allows it to show on top of another app whenever it wants.
This can help threat actors bombard the device with unwanted ads, subscribe users to services without their permission, steal user credentials and generally spy on what the user is doing.
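A defender-side check for the permission combination described above, as an added example that is not part of the original article or the researchers' analysis: it reads a decoded AndroidManifest.xml (for example, apktool output) and flags apps that declare notification access, the overlay permission and a background-execution exemption together. Mapping "running itself in the background" to REQUEST_IGNORE_BATTERY_OPTIMIZATIONS is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Manifest markers for the three capabilities the article describes.
# Assumption: "running in the background" is mapped to the battery-optimization
# exemption; the article does not name the exact permission.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BACKGROUND = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

def audit_manifest(xml_text):
    """Return the set of risky capabilities a decoded manifest declares."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    found = set()
    if OVERLAY in requested:
        found.add("overlay")
    if BACKGROUND in requested:
        found.add("background")
    # Notification access is not a <uses-permission>: the app declares a
    # service that is guarded by BIND_NOTIFICATION_LISTENER_SERVICE.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == NOTIF_BIND:
            found.add("notification_access")
    return found

def is_suspicious(xml_text):
    """Flag only the full combination; each capability alone is common."""
    return audit_manifest(xml_text) == {"overlay", "background", "notification_access"}

# Constructed sample manifests (not taken from the real sample).
SAMPLE_FLAGGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeapp">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

SAMPLE_OVERLAY_ONLY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flagged", SAMPLE_FLAGGED), ("overlay-only", SAMPLE_OVERLAY_ONLY)):
        print(name, sorted(audit_manifest(xml)), is_suspicious(xml))
```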
On the other hand, according to the researcher, the content of the message distributed through WhatsApp is not static; it is received from the attacker’s server every hour, which means that they could simply change the link if their current fake Play Store page is taken offline.
#Android #Banking #Trojan #Malware @malwrhunterteam @Spam404 @bl4ckh0l3z @JAMESWT_MHT #opendir
Huawei Mobile #Phishing Malware: https://t.co/7efeHiydOP.apps.details.settings[.pw/play/download/
C2: https://settings[.pw/
— Re-ind (@ReBensk) January 21, 2021
Additionally, even though the worm is currently spreading through WhatsApp, any other messaging application that allows auto-replies could be used in a similar fashion.
To conclude, this is a classic case of users falling prey to the low-security apps found on third-party app stores, so, as always, we recommend that our readers stick to company app stores: those belonging to Apple, Microsoft, and Google.
In the future, we may also see other malicious programs spread this way, including trojans and more sophisticated spyware.