Lukas Stefanko, a security researcher from ESET, has detailed an Android WhatsApp worm that infects WhatsApp users and spreads to their contacts. While the clear objective of the campaign isn’t known, it is most likely adware or subscription scam malware that is disguised as a Huawei Mobile app and asks for extensive device permissions.
Android Worm Infecting WhatsApp
Since WhatsApp is the largest instant messenger today, it’s no wonder that most threat actors prey on it. A new WhatsApp worm was discovered by a security researcher named Lukas Stefanko, who demonstrated the infection and showed its code, obtained through reverse engineering.
The campaign starts with a message received from a known contact or an unknown number. The message reads “Download this application and Win a Lovely Phone” and carries a URL to the said application. Tapping on it takes you to a fake Google Play Store page that offers a Huawei Mobile app to install.
Once downloaded and installed, the app begins asking for deep permissions and then settles, saying that your application for the subscription was submitted and awaits a reply. This hints that the worm is some kind of subscription scam or general adware that may bomb your phone with ads everywhere.
While its purpose isn’t known, the researcher called it a worm since it spreads to others through the victim’s WhatsApp contacts. He demonstrated this by sending a message to the infected contact, which garnered an automatic reply with the same worm app link. It should be noted that it sends the message only once an hour.
If infected, victims can uninstall the app to stop this campaign, and they should be suspicious about clicking on such links and installing applications from unknown sources. Install apps from the Google Play Store, and click on links only after prior information from a trusted contact.