The malware takes advantage of WhatsApp’s auto-reply feature to spread itself.
WhatsApp’s family group chat is home to each shady link found on the internet? Yes, that’s a key point from which malware spreads, and therefore the latest news proves just that.
As reported by researchers ReBensk and Lukas Stefanko, a replacement malware spreads through WhatsApp messages when it auto-replies to any messaging conversations employing a malicious link that results in a fake Huawei app.
If the recipient falls for it and opens the link, they’re going to see a Google Play Store lookalike website where they will download the app. actually , the web site is fake and therefore the same goes for the app.
Once downloaded and installed, the victim is asked for access to read and send notifications. If the user allows it, the fake app further requests other permissions like running itself within the background and permission to “draw over other apps” allowing it to point out on top of another app whenever it wants.
This can help threat actors bombard the device with unwanted ads, subscribe users to services without their permission, steal user credentials and usually spy on what the user is doing.
On the opposite hand, consistent with the researcher, the message’s content is distributed through WhatsApp isn’t a static one, it’s received from the attacker’s server every hour which suggests that they might simply change the link if their current fake Play Store page is taken offline.
Additionally, albeit currently the worm is spreading through WhatsApp, if the other messaging application allows auto-replies, they too might be utilized in an identical fashion.
To conclude, this is often a classic case of users falling prey to the low-security apps you’d find on third-party app stores then like always, we might recommend our readers to stay at company app stores, those belonging to Apple, Microsoft, and Google.
In the future, we will also see other malicious programs be spread this manner including trojans and more sophisticated spyware.