Wormable Malware Comes Back As ‘WhatsApp Pink’ – Now Targets Signal, Telegram Too

A new malicious campaign is active in the wild aiming at WhatsApp users. The campaign lures users to download ‘WhatsApp Pink’, which actually is malware that also targets Signal and Telegram as well.

WhatsApp Pink Malware Campaign

Recently, the ‘WhatsApp Pink’ scam made it to the news after an Indian security researcher Rajshekhar Rajaharia warned about it. As it turns out, WhatsApp Pink is a malware campaign actively targeting the users. The scam lures the users into downloading the malware by offering ‘WhatsApp Pink’ – a supposed WhatsApp app version.

The campaign spreads via phishing messages in different chat groups. The messages include a URL to apparently download the new WhatsApp look. However, clicking on the link and trying to download the app actually installs the malware to the device.

This malware automatically establishes itself on the target device with minimal user input. The victim would only be required to give it the permission(s) it asks.

Once installed, a temporary icon, that resembles the WhatsApp app icon but is pink in color, appears that disappears when the user clicks on it. In this way, the malware stays hidden and continues running in the background without the victim noticing it.

After that, the malware keeps a check on all incoming messages on the device. It then abuses the auto-reply feature of the notifications banner to spread the malware to others.

According to ESET, this campaign is simply a variant of the wormable malware that they first warned in January 2021.

At that time, the malware typically focused on WhatsApp notifications. However, the new malware ‘WhatsApp Pink’ also reads and responds to Signal and Telegram notifications.

Preventing The Malware With Security App

While the malware campaign is highly wormable, getting rid of it isn’t difficult either.

Researchers have advised all users to scan their devices with a robust Android security app to remove the malware. Also, the victims can manually check their devices for the presence of the malware and remove it.

Whereas, the best practice to entirely avoid such scams is to never click on links arriving via unsolicited messages.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients