WhatsApp users have been cautioned about a new malware attack that’s spread through WhatsApp messages. The malicious campaign, which seems designed to generate revenue for the hackers behind the scam by spamming your smartphone with adverts, tries to tempt users by sending them a link to a fake Android mobile app. This is usually combined with a message like “download this application and win Mobile Phone,” to tempt people into following the link.
Users who fall for the ploy will be directed to a website designed to look like the Google Play Store. When installing the app, which is designed to look like the official Huawei Mobile app, Android users will be asked to grant notification access. This feature, which allows Android apps to read all notifications posted by the Android operating system, is used by a wide variety of legitimate apps for handy features.
However, this scam app abuses this privilege to access WhatApp’s quick reply feature — that lets users quickly respond to incoming texts directly from the notifications – to spam anyone who sends you a message with the same download link that you fell for.
Like the text that first tricked you into installing the app, this will be accompanied by a message about winning a free phone. And since these messages (and the malicious download link) always originate from someone you trust – or, at least, someone in your contacts – it makes it more likely people will follow the link, compared with a random email from an unknown account, for example.
ESET security researcher Lukas Stefanko tweeted about the new attack, posting: “This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app. Message is sent only once per hour to the same contact.”
So, if you receive multiple messages from the same contact, the malware is smart enough to know not to spam them with the same download link over and over again – in reply to every text.
The quick reply feature abused by this malware is a popular Android feature available on a number of popular chat apps. So, it’s conceivable this scam software will be updated in the coming days and weeks to take advantage of the feature in rival messengers, like Telegram or Facebook’s Messenger. This would allow the adware campaign to spread faster.
According to ESET’s Lukas Stefanko, this seems to be the first breed of malware designed to use the Android quick reply feature to spread between WhatsApp contacts.
As always, it’s important to only download apps from trusted developers. This should help to keep your device safe from this type of attack. If not, a number of incredibly successful anti-virus solutions have applications on Android, so it could be worth investing to scan your device for these types of malware.
This change, which will not impact those in the UK or Europe thanks to the EU’s tough stance on data protection, was seen by many as a way to slowly siphon more data from WhatsApp to leverage in Facebook’s immensely-successful advertising business. WhatsApp issued a clarification to reassure users that texts between friends and family would still remain safely locked away behind end-to-end encryption, however, the damage was already done.
Data from App Store tracking from App Annie shows WhatsApp plummeting from the eighth most downloaded app in the UK at the start of January, to the 23rd by January 12, 2021. Secure messaging rivals like Telegram has reported gaining 25 million new users in a matter of days, while Signal received such an unexpected influx of new accounts that it caused a 24-hour outage for users worldwide.
After a tough couple of weeks, WhatsApp being used by hackers to spread new malware is not quite the news the team at Facebook hoped to hear.