The malware sends automated replies to messages on WhatsApp and different main chat apps
Android customers ought to be cautious of messages which might be being circulated on WhatsApp and different main messaging platforms and promise to offer a brand new shade theme for WhatsApp. Disguised as an official replace for the platform, the “WhatsApp Pink” theme is in actuality a variant of malware that ESET researcher Lukas Stefanko analyzed just lately.
“WhatsApp Pink is an up to date model of the WhatsApp auto-reply worm we wrote about in January. The Trojan’s up to date model doesn’t auto-reply simply to WhatsApp messages, but additionally to messages acquired on different on the spot messaging apps, which could possibly be the rationale for its obvious wider unfold,” stated Stefanko.
“The Trojan replies with a hyperlink to an internet site from which it could possibly be downloaded robotically to messages acquired in apps comparable to WhatsApp, WhatsApp Enterprise, Sign, Skype, Viber, Telegram, and one of many varied unofficial, third-party variations of WhatsApp,” he added.
Past that, nevertheless, the brand new model – detected by ESET merchandise as Android/Spams.V – doesn’t actually do a lot. That stated, Stefanko warned that this may increasingly simply be a “check model” and we could anticipate a extra malicious variant sooner or later. Additionally, the web site could possibly be used to host varied forms of malicious payloads sooner or later.
The “#WhatsApp Pink” trojan can now auto-reply to acquired messages not solely on WhatsApp, but additionally Sign, Skype, Viber and Telegram. The replies hyperlink to a malicious web site additional distributing the malware. #ESETresearch @LukasStefanko 1/3 pic.twitter.com/B5X0DEQTx2
— ESET analysis (@ESETresearch) April 19, 2021
The newly-discovered Android nasty was first reported by Twitter person @Rajaharia. It appears to have been first noticed in India, the place it was shared in varied huge discussion groups on in style on the spot messaging providers.
Based on Stefanko, as a way to obtain and set up the malicious app, customers aren’t truly requested to permit the set up of apps from locations apart from the official Google Play retailer and so disable the important thing and enabled-by-default safety measure on Android units. Nonetheless, the malware does request the permission to entry the person’s notifications.
As soon as the set up course of is accomplished and the person clicks on “WhatsApp Pink”, the app hides itself, claiming that it was by no means even put in. The sufferer will then obtain a message, to which they should reply as a way to unwittingly trigger it to propagate additional.
RELATED READING: Scam impersonates WhatsApp, offers ‘free internet’
In case you downloaded “WhatsApp Pink” you’ll be able to both take away it by way of Settings and the App Supervisor submenu or set up a full-featured Android safety answer that can scan your system and take away it robotically.
By means of prevention, there are a number of steps you’ll be able to take to mitigate the possibilities of falling sufferer to related schemes sooner or later:
- By no means click on on hyperlinks or attachments that you just acquired by way of an unsolicited message or from somebody you don’t know
- Solely obtain apps from official app shops, since they’ve rigorous approval processes in place
- At all times use a good cellular safety answer
- Be cautious of what sorts of permissions you grant to functions