The malware sends automated replies to messages on WhatsApp and other major chat apps
Android users should be wary of messages that are being circulated on WhatsApp and other major messaging platforms and promise to provide a new color theme for WhatsApp. Disguised as an official update for the chat app, the “WhatsApp Pink” theme is in reality a variant of malware that ESET researcher Lukas Stefanko analyzed recently.
“WhatsApp Pink is an updated version of the WhatsApp auto-reply worm we wrote about in January. The Trojan’s updated version doesn’t auto-reply just to WhatsApp messages, but also to messages received on other instant messaging apps, which could be the reason for its apparent wider spread,” said Stefanko.
“The Trojan automatically replies to messages received in apps such as WhatsApp, WhatsApp Business, Signal, Skype, Viber, Telegram, and one of the various unofficial, third-party versions of WhatsApp, with a link to a website from which it, the Trojan, can be downloaded,” he added.
Beyond that, however, the new version – detected by ESET products as Android/Spams.V – doesn’t really do much. That said, Stefanko warned that this may just be a “test version” and we may see a more malicious variant further down the road. Also, the website could be used to host various types of malicious payloads in the future.
The “#WhatsApp Pink” trojan can now auto-reply to received messages not only on WhatsApp, but also Signal, Skype, Viber and Telegram. The replies link to a malicious website further distributing the malware. #ESETresearch @LukasStefanko 1/3 pic.twitter.com/B5X0DEQTx2
— ESET research (@ESETresearch) April 19, 2021
The newly-discovered Android nasty was first reported by Twitter user @Rajaharia. It seems to have been first spotted in India, where it was shared in various massive chat groups on popular instant messaging services.
According to Stefanko, in order to download and install the malicious app, users aren’t actually asked to allow the installation of apps from places other than the official Google Play store and so disable the key and enabled-by-default security measure on Android devices. However, the malware does request the permission to access the user’s notifications.
Once the installation process is completed and the user clicks on “WhatsApp Pink”, the app hides itself, claiming that it was never even installed. The victim will then receive a message, to which they will have to reply in order to unwittingly cause it to propagate further.
RELATED READING: Scam impersonates WhatsApp, offers ‘free internet’
If you downloaded “WhatsApp Pink” you can either remove it through Settings and the App Manager submenu or install a full-featured Android security solution that will scan your device and remove it automatically.
By way of prevention, there are several steps you can take to mitigate the chances of falling victim to similar schemes in the future:
- Never click on links or attachments that you received via an unsolicited message or from someone you don’t know
- Only download apps from official app stores, since they have rigorous approval processes in place
- Always use a reputable mobile security solution
- Be wary of what kinds of permissions you grant to applications