Adware Campaign — Android

Adware, along with other types of malware, can infect Android phones. On clicking the pop-up/adware messages, they can connect to malicious websites and work with spyware to deliver targeted ads.

A new malware has been found — propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign.

“This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app,” ESET researcher Lukas Stefanko said.

Source – The Hacker News

WhatsApp Worm:

On clicking the malicious link — fake Huawei Mobile app — redirects to lookalike Google Play Store website.

Once installed, to carry out its behaviour the app asks for permissions:

to read notifications,
also requests intrusive access to run in the background as well as to draw over other apps

Overlaying any other applications running on the device — can be used to steal credentials and sensitive information.

According to Stefanko, the functionality of adware is to trick users into falling for an adware or subscription scam.

Specifically, the malware is capable of sending automatic reply to messages directly from the notifications.

Follow Us on: Twitter, Instagram, Facebook to get latest security news!

Also, the messages are sent only once per hour to the same contact, the contents of the message and the link to the app are fetched from a remote server.

However, raising the possibility that the malware could be used to distribute other malicious websites and apps.

Stefanko stated — the exact mechanism behind how it finds its way to the initial set of directly infected victims is not clear;

However, it’s to be noted the wormable malware can potentially expand from a few devices to many others incredibly quickly.

“I would say it could be via SMS, mail, social media, channels/chat groups etc,” Stefanko told The Hacker News.