Home Cyber Attack Watch Out For This Wormable Malware Spreading Via WhatsApp
Cyber AttackHacking NewsNews

Watch Out For This Wormable Malware Spreading Via WhatsApp

by Abeerah Hashim
written by Abeerah Hashim
DarkGate malware spreads via skype

Heads up WhatsApp users! A new wormable malware campaign is in the wild that targets WhatsApp users. The malware spreads via WhatsApp supposedly to expand an adware campaign.

Malware Spreading Via WhatsApp

Security researcher Lukas Stefanko has elaborated on a new malware campaign targeting WhatsApp users.

The campaign first caught the attention of another Android security researcher with alias ReBensk who disclosed it via a tweet.

Later, Stefanko analyzed the malware and shared details via a blog post.

Briefly, the campaign targets WhatsApp users with wormable malware. Upon targeting a device, the malware then self-propagates as soon as the victim replies to anyone in WhatsApp conversations. The target would receive a message apparently from the victim user that would include a link to some Play Store app.

Tapping on the link then redirects the new target to a page that poses as a Huawei app page and mimics Google Play Store design. However, the phishing page doesn’t really belong to the Play Store.

If the target user installs the app, the malicious app then asks for permission to access device notifications. Also, it asks for permissions to continue running in the background and “draw over other apps”.

Once established, the malware then seeks messages from its C2 server every hour. The text of the message changes dynamically, but the link is always present. The spammy message then reaches other target users upon replying to a WhatsApp message notification.

The following video explains the attack scenario.

What Next?

As per Stefanko’s analysis, the malware written in Java is currently in the wild. While, for now, it appears that the malware would serve as an adware. However, it might upgrade itself in the future to become a more malicious trojan.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

1 comment

talha January 27, 2021 - 3:59 pm

App asking too many permission, is already hint that something fishy is going on, also its good practice to read the url before doing anything………

Comments are closed.