One of the latest attacks on Android comes from WhatsApp, a virus that is capable of spreading automatically from WhatsApp itself.
The Android WhatsApp worm has been discovered by ESET researcher Lukas Stefanko, who claims that this malware is spreading through the WhatsApp network automatically, abusing the phone’s notification system.
The attack itself takes advantage of our ability to accept the weakness of the human being to click and accept whatever is put in front of us. The link spreading via WhatsApp is similar to the URL that the link of a Google Play application would have, but it is a false link that takes us to an application store. Again, a fake copy of Google Play in which pressing install downloads a fake APK from Huawei.
Once this file is downloaded, it asks us manually to grant it permission to show itself on other applications, to ignore battery optimizations and allow the application to access our notifications. Without realizing it, we have given a lot of power to this application so that it is able to do whatever it wants on our mobile.
In this way, the app is not only able to run in the background but also to appear on top of other apps; This is important because it allows the malware to create versions of popular apps and websites and display them on top, obtaining our passwords and information.
Thanks to the control over the mobile that it has gained, the app then sends messages by WhatsApp to our contacts to repeat the loop again.
ESET advises that, although for now it only uses WhatsApp as the distribution method, you also have to be careful with similar messages on Messenger or Telegram. ESET states that this is the first time that Android malware has similar functionality to distribute itself through WhatsApp messages.