The malware sends automated replies to messages on WhatsApp and different main chat apps
Android customers needs to be cautious of messages which can be being circulated on WhatsApp and different main messaging platforms and promise to offer a brand new colour theme for WhatsApp. Disguised as an official replace for the chat app, the “WhatsApp Pink” theme is in actuality a variant of malware that ESET researcher Lukas Stefanko analyzed just lately.
“WhatsApp Pink is an up to date model of the WhatsApp auto-reply worm we wrote about in January. The Trojan’s up to date model doesn’t auto-reply simply to WhatsApp messages, but in addition to messages acquired on different instantaneous messaging apps, which might be the explanation for its obvious wider unfold,” stated Stefanko.
“The Trojan mechanically replies to messages acquired in apps similar to WhatsApp, WhatsApp Enterprise, Sign, Skype, Viber, Telegram, and one of many numerous unofficial, third-party variations of WhatsApp, with a hyperlink to an internet site from which it, the Trojan, might be downloaded,” he added.
Past that, nevertheless, the brand new model – detected by ESET merchandise as Android/Spams.V – doesn’t actually do a lot. That stated, Stefanko warned that this will likely simply be a “check model” and we may even see a extra malicious variant additional down the street. Additionally, the web site might be used to host numerous sorts of malicious payloads sooner or later.
The “#WhatsApp Pink” trojan can now auto-reply to acquired messages not solely on WhatsApp, but in addition Sign, Skype, Viber and Telegram. The replies hyperlink to a malicious web site additional distributing the malware. #ESETresearch @LukasStefanko 1/3 pic.twitter.com/B5X0DEQTx2
— ESET analysis (@ESETresearch) April 19, 2021
The newly-discovered Android nasty was first reported by Twitter consumer @Rajaharia. It appears to have been first noticed in India, the place it was shared in numerous large discussion groups on in style instantaneous messaging providers.
In keeping with Stefanko, with a view to obtain and set up the malicious app, customers aren’t really requested to permit the set up of apps from locations apart from the official Google Play retailer and so disable the important thing and enabled-by-default safety measure on Android gadgets. Nonetheless, the malware does request the permission to entry the consumer’s notifications.
As soon as the set up course of is accomplished and the consumer clicks on “WhatsApp Pink”, the app hides itself, claiming that it was by no means even put in. The sufferer will then obtain a message, to which they must reply with a view to unwittingly trigger it to propagate additional.
RELATED READING: Scam impersonates WhatsApp, offers ‘free internet’
If you happen to downloaded “WhatsApp Pink” you possibly can both take away it by means of Settings and the App Supervisor submenu or set up a full-featured Android safety answer that may scan your machine and take away it mechanically.
By the use of prevention, there are a number of steps you possibly can take to mitigate the probabilities of falling sufferer to related schemes sooner or later:
- By no means click on on hyperlinks or attachments that you just acquired through an unsolicited message or from somebody you don’t know
- Solely obtain apps from official app shops, since they’ve rigorous approval processes in place
- At all times use a good cell safety answer
- Be cautious of what sorts of permissions you grant to functions