The malicious campaign, which seems designed to generate revenue for the hackers behind the scam by spamming your smartphone with adverts, tries to tempt users by sending them a link to a fake Android mobile app. This is usually combined with a message like “download this application and win Mobile Phone,” to tempt people into following the link.
Users who fall for the ploy will be directed to a website designed to look like the Google Play Store. When installing the app, which is designed to look like the official Huawei Mobile app, Android users will be asked to grant notification access. This feature, which allows Android apps to read all notifications posted by the Android operating system, is used by a wide variety of legitimate apps for handy features.
However, this scam app abuses this privilege to access WhatApp’s quick reply feature — that lets users quickly respond to incoming texts directly from the notifications – to spam anyone who sends you a message with the same download link that you fell for.
Like the text that first tricked you into installing the app, this will be accompanied by a message about winning a free phone. And since these messages (and the malicious download link) always originate from someone you trust – or, at least, someone saved in your contacts or found in a shared group chat – it makes it more likely people will follow the link, compared with a random email from an unknown account, for example.
ESET security researcher Lukas Stefanko tweeted about the new attack, posting: “This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app. Message is sent only once per hour to the same contact.”
So, if you receive multiple messages from the same contact, the malware is smart enough to know not to spam them with the same download link over and over again in reply to every text. The quick reply feature abused by this malware is a popular Android feature available on a number of popular chat apps. So, it’s conceivable this scam software will be updated in the coming days and weeks to take advantage of the feature in rival messengers, like Telegram or Facebook’s Messenger. This would allow the adware campaign to spread faster.
According to ESET’s Lukas Stefanko, this seems to be the first breed of malware designed to use the Android quick reply feature to spread between WhatsApp contacts.
As always, it’s important to only download apps from trusted developers. This should help to keep your device safe from this type of attack. If not, a number of incredibly successful anti-virus solutions have applications on Android, so it could be worth investing to scan your device for these types of malware.
Speaking to Express.co.uk about the malware, sometimes referred to as a “worm”, Ray Walsh, Tech Expert at ProPrivacy said: “The discovery of malicious worm malware spreading through Android devices via WhatsApp messages will be concerning to Android users. The worm type malware spreads to other devices by using Android’s quick reply feature to send a WhatsApp message that contains a link to a malicious Huawei Mobile App.
“If the user clicks the link they are redirected to a cloned version of the Google Play Store containing the self-propagating malware. Anybody who downloads the app and agrees to its permissions is allowing the app to access other apps on the device, which allows it to steal personal information and user credentials. It appears that the primary aim of the malware is to trick victims into falling for an adware subscription scam, which leads to the victim being defrauded.
“This is the first worm type attack that spreads via WhatsApp messages, and what is concerning is that it could actually be expanded to work with other messengers that leverage Android’s quick reply feature too. Users are reminded that they should not download any apps unless they have found them in the official app store, and to remember never to download any apps after clicking on links in a WhatsApp message.”
This change, which will not impact those in the UK or Europe thanks to the EU’s tough stance on data protection, was seen by many as a way to slowly siphon more data from WhatsApp to leverage in Facebook’s immensely-successful advertising business. WhatsApp issued a clarification to reassure users that texts between friends and family would still remain safely locked away behind end-to-end encryption, however, the damage was already done.
Data from App Store tracking from App Annie shows WhatsApp plummeting from the eighth most downloaded app in the UK at the start of January, to the 23rd by January 12, 2021. Secure messaging rivals like Telegram has reported gaining 25 million new users in a matter of days, while Signal received such an unexpected influx of new accounts that it caused a 24-hour outage for users worldwide.
After a tough couple of weeks, WhatsApp being used by hackers to spread new malware is not quite the news the team at Facebook hoped to hear.
Published at Tue, 26 Jan 2021 08:01:00 +0000