Warning: New Android Wormable Spreads Rapidly On WhatsApp


ESET security researcher Lukas Stefanko reported new malware for Android devices automatically spreading via WhatsApp messages. The main purpose of malware is to trick users into adware or subscription scams.


"The malware spreads through the victim's WhatsApp app by automatically replies to any WhatsApp messages containing a link to the malicious Huawei Mobile app," Stefanko said.


The link to the fake Huawei Mobile app redirects users to a site very similar to the Google Play Store. Once installed on a device, a malicious application requests access to notifications, which it then uses to carry out an attack. In particular, he is interested in the WhatsApp Quick Reply feature, which is used to reply to incoming messages directly from notifications.


In addition to reading notifications, the app also requests permissions to run in the background and draw on top of other apps - overlapping any other app running on the device with its own window, which can be used to steal credentials.


In its current version, the malicious code is only able to send automatic replies to the victim's WhatsApp contacts, but in future versions, it may be possible to send replies in other applications that support the quick replies feature in Android.


Although the message is sent to the same contact only once an hour, the message content and the link to the application are retrieved from a remote server, which means that malware can be used to spread other malicious sites and applications.



According to the researcher, it was not possible to establish how the initial infection occurs. It should be noted, however, that worm malware can spread incredibly quickly from multiple devices to many others via SMS, email, social media posts, channels / chat groups, etc.

Previous Post Next Post