New Android malware hijacks WhatsApp chats to send malicious messages

A new malware on Android was found using WhatsApp chats to automatically send malicious messages. — Reuters

A new malware is spreading through WhatsApp on Android, hijacking users’ chats to send malicious messages that are self-propagating.

Cybersecurity researcher Lukas Stefanko alerted The Hacker News that the malware spreads by automatically replying to any WhatsApp message notification with a link to a malicious app.

When clicked, the link to the fake app redirects users to a lookalike Google Play Store site.

If users install the fake app, it prompts victims to grant notification access, which is then abused to carry out the wormable attack.

The cybersecurity news site reported that this hack leveraged off WhatApp’s quick reply feature to send replies automatically.

Originally, the feature enables users to reply to incoming messages directly from their notification tray rather than going into the app.

The malware also requests access to run in the background and to be able to overlay on other apps.

This enables it to operate when users were running other apps, so it could then steal credentials or other sensitive information.

Stefanko said this secondary feature was to trick users into an adware or subscription scam.

He said that though the malware code was currently only capable of sending automatic replies to WhatsApp contacts, it could potentially be extended to other messaging apps that use Android’s quick reply feature.

The messages – which cunningly are sent only once per hour to the same contact – are fetched from a remote server, meaning the content and links being sent now could change to other types of malicious content later.

Stefanko said it was his first time analysing Android malware that had the ability to spread itself via WhatsApp messages.

He added that the way it infected the first victims was not clear, though generally wormable malware can expand among victims incredibly quickly.

Users were reminded to only download apps via trusted sources, verify if the app was built by a genuine developer, and double check the app permissions requested before installing.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Did you find this article insightful?


94% readers found this article insightful

Next In Tech News

Top Toshiba shareholder gets further support for proposed investigation
China deals fresh blow to tech giants in reach for data
SpaceX: more risks, better rockets?
Analysis: Wealth managers frustrated over bitcoin, anxious for piece of the action
WhatsApp rolls out video and voice calls to desktop users
Apple probed by UK as App Store payments scrutiny mounts
Germany faces tough questions as nuclear exit nears
Japan supercomputer shows doubling masks doesn’t help prevent viral spread
Crypto fraudster sentenced to 8 years in token-offering scam
German officials want emails, IMs tied to real-world ID

Stories You'll Enjoy