A new malicious campaign is active in the wild aiming at WhatsApp users. The campaign lures users to download ‘WhatsApp Pink’, which actually is malware that also targets Signal and Telegram as well.
WhatsApp Pink Malware Campaign
Recently, the ‘WhatsApp Pink’ scam made it to the news after an Indian security researcher Rajshekhar Rajaharia warned about it. As it turns out, WhatsApp Pink is a malware campaign actively targeting the users. The scam lures the users into downloading the malware by offering ‘WhatsApp Pink’ – a supposed WhatsApp app version.
Beware of @WhatsApp Pink!! A Virus is being spread in #WhatsApp groups with an APK download link. Don't click any link with the name of WhatsApp Pink. Complete access to your phone will be lost. Share with All..#InfoSec #Virus @IndianCERT @internetfreedom @jackerhack @sanjg2k1 pic.twitter.com/KbbtK536F2
— Rajshekhar Rajaharia (@rajaharia) April 17, 2021
The campaign spreads via phishing messages in different chat groups. The messages include a URL to apparently download the new WhatsApp look. However, clicking on the link and trying to download the app actually installs the malware to the device.
This malware automatically establishes itself on the target device with minimal user input. The victim would only be required to give it the permission(s) it asks.
Once installed, a temporary icon, that resembles the WhatsApp app icon but is pink in color, appears that disappears when the user clicks on it. In this way, the malware stays hidden and continues running in the background without the victim noticing it.
After that, the malware keeps a check on all incoming messages on the device. It then abuses the auto-reply feature of the notifications banner to spread the malware to others.
According to ESET, this campaign is simply a variant of the wormable malware that they first warned in January 2021.
At that time, the malware typically focused on WhatsApp notifications. However, the new malware ‘WhatsApp Pink’ also reads and responds to Signal and Telegram notifications.
The “#WhatsApp Pink” trojan can now auto-reply to received messages not only on WhatsApp, but also Signal, Skype, Viber and Telegram. The replies link to a malicious website further distributing the malware. #ESETresearch @LukasStefanko 1/3 pic.twitter.com/B5X0DEQTx2
— ESET research (@ESETresearch) April 19, 2021
Preventing The Malware With Security App
While the malware campaign is highly wormable, getting rid of it isn’t difficult either.
Researchers have advised all users to scan their devices with a robust Android security app to remove the malware. Also, the victims can manually check their devices for the presence of the malware and remove it.
Whereas, the best practice to entirely avoid such scams is to never click on links arriving via unsolicited messages.
