Android malware spread on WhatsApp – lures you with a Huawei phone as a gift

“Download this application to win a Huawei phone” is the message used to trick users into downloading a fake mobile application that is presented as being associated with the Chinese brand.

ESET, the maker of NOD32, warns about a new malware campaign carried out through the WhatsApp platform. Potential victims are urged to download an application from a website called Google Play that is unrelated to the official Android app store.

“This program spreads through the victim’s WhatsApp, automatically responding to any WhatsApp message notification with a link to a malicious Huawei application,” says ESET specialist Lukas Stefanko. The malware, which was first reported by Twitter user @ReBensk, appears to be aimed primarily at generating fraudulent advertising revenue for its operators.

 

To install the malicious application, users are first encouraged to grant system permissions that allow Android applications to be installed from sources other than the official Google Play Store, thus bypassing an essential security mechanism that is enabled by default on Android devices.

Once the installation process is complete, the application continues to request other permissions, including access to notifications and the Direct Reply function, making it easier to send messages to all contacts in the WhatsApp list.

“By combining these two features, malware can respond effectively with a personalized message to any WhatsApp notification message received,” Stefanko said. The malware then runs in the background until it receives a response from the server, while waiting for a WhatsApp notification message, which it then uses to distribute the malicious link to the victim’s contacts.

The application also requests permission to run in parallel with other applications, which allows it to overlay any other application currently in use, while blocking the routines that optimize battery consumption.

Currently, the application seems to be used mainly in an adware campaign or to unsubscribe to unsolicited services; the pretext of winning a Huawei phone does not materialize in any way. “This malware could distribute even more dangerous threats, as the text of the message and the link to the malicious application come from the attacker’s server. It could simply distribute banking trojans, ransomware or spyware,” Stefanko said.

Erin Smith