Recently, security experts have detected a new Android malware that spreads through WhatsApp. The malware takes advantage of WhatsApp’s quick reply feature that permits users to respond to incoming messages directly from notifications and send out replies immediately. The malware spreads automatically from the victim’s WhatsApp to other contacts if the victim replies to any received WhatsApp message notification with a link to a malicious Huawei Mobile app. The fake link of this Huawei Mobile app basically redirects the users to a look-alike Google Play Store website and users get the option to install the app. Once it is installed, the wormable app prompts victims to grant it notification access, which is then abused to carry out the wormable attack.
The app not only requests for permissions to read notifications but also requests access to run in the background as well as to draw over other apps, meaning the app can overlay any other application running on the device with its own window that can be used to steal credentials and additional sensitive information. Moreover, the current version of the app allows the malware code to send out replies automatically to WhatsApp contacts as a result of which the wormable malware can expand from one device to another incredibly quickly.
