Beware — A New Wormable Android Malware Spreading Through WhatsApp

[aum]

 

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign.

 

"This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said.

 

The link to the fake Huawei Mobile app, upon clicking, redirects users to a lookalike Google Play Store website.

 

Once installed, the wormable app prompts victims to grant it notification access, which is then abused to carry out the wormable attack.

 

Specifically, it leverages WhatApp's quick reply feature — which is used to respond to incoming messages directly from the notifications — to send out a reply to a received message automatically.

 

Besides requesting permissions to read notifications, the app also requests intrusive access to run in the background as well as to draw over other apps, meaning the app can overlay any other application running on the device with its own window that can be used to steal credentials and additional sensitive information.

 

The functionality, according to Stefanko, is to trick users into falling for an adware or subscription scam.

 

 

Furthermore, in its current version, the malware code is capable of sending automatic replies only to WhatsApp contacts — a feature that could be potentially extended in a future update to other messaging apps that support Android's quick reply functionality.

 

While the message is sent only once per hour to the same contact, the contents of the message and the link to the app are fetched from a remote server, raising the possibility that the malware could be used to distribute other malicious websites and apps.

 

"I don't remember reading and analyzing any Android malware having such functionality to spread itself via whatsapp messages," Stefanko told The Hacker News.

 

Stefanko said the exact mechanism behind how it finds its way to the initial set of directly infected victims is not clear; however, it's to be noted the wormable malware can potentially expand from a few devices to many others incredibly quickly.

 

"I would say it could be via SMS, mail, social media, channels/chat groups etc," Stefanko told The Hacker News.

 

If anything, the development once again underscores the need to stick to trusted sources to download third-party apps, verify if an app is indeed built by a genuine developer, and carefully scrutinize app permissions before installation.

 

But the fact the campaign cleverly banks on the trust associated with WhatsApp contacts implies even these countermeasures may not be enough.

 

Source

 

[zanderthunder]

New malware spreads itself by auto replying to all of your WhatsApp messages

 

Have you received a WhatsApp message with a suspicious link embedded? Whatever you do, don’t click on that link. The reason: a new wormable malware has been spreading on Android devices via WhatsApp, as reported by The Hacker News. 

 

According to security ESET malware researcher Lukas Stefanko:

 

Quote

This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app,

 

So, how does this malware spread and infect other users? According to Stefanko, the malware uses WhatsApp’s quick reply feature to send messages with the malicious links as replies.

 

 

These links redirect potential victims to a convincing web page that resembles Google’s Play Store. It then prompts users to download and install a fake Huawei app. This malicious app then prompts users to grant it permission to read notifications as well as run in the background.

 

In addition, it also asks users to allow it to draw over other apps. If you are not familiar, this basically allows the malware-ridden app to overlay itself on top of other apps running on the device. This then allows it to capture and steal all your credentials like usernames and passwords.

 

Stefanko notes the malware only sends one message per hour to the same contact. This is done, so the app does not arouse suspicions at first and scarily enough, it remains operational as long as possible before it being detected and removed.

 

He added that the contents of the message and the link to the malicious app are fetched from a remote server. This means the malware can be used to redirect unsuspecting victims to other malicious websites and apps.

 

In its current form, the malware is only capable of sending automatic replies to other WhatsApp contacts. However, this could potentially be extended to other messaging apps that support Android’s quick reply function.

 

The malware researcher said this is the first time he has encountered an Android malware that can spread itself via WhatsApp messages. He added that the malware could potentially be spread through other forms of messaging like SMS, email, social media, groups chats and more.

 

This underscores the need for users to stick to only trusted sources when downloading third-party apps. Always verify that the app you are downloading is actually made by a genuine developer. Also, scrutinise every permission the app requests before granting it.

 

If you are interested to learn how the malware works, have a look at Stefanko’s Youtube video below:

 

 

Source: New malware spreads itself by auto replying to all of your WhatsApp messages (via SoyaCincau)