WhatsApp is being used to spread a malicious Android app, according to a prominent security researcher.
Lukas Stefanko of ESET, following up on a tip from Twitter user @ReBensk, detailed the WhatsApp worm in a YouTube video. If an infected phone receives a WhatsApp message notification, the phone immediately sends back a link to a fake Google Play page inviting users to download the malicious app, Stefanko demonstrated.
In Stefanko’s example, the malicious app is a fake Huawei app that seems designed to display ads on infected devices and earn money for the app distributors. But it could take other forms — one Twitter user reported seeing a similar scam involving a fake Netflix app.
In the grand scheme of dangerous Android malware, this kind of adware is pretty mild stuff, but you still don’t want it to get on your phone.
“This malware could possibly distribute more dangerous threats since the message text and link to the malicious app are received from the attacker’s server,” Stefanko told his colleague Amer Owaida in an ESET blog post. “It could simply distribute banking Trojans, ransomware, or spyware.”
To avoid infection, make sure your Android phone can install software only from the official Google Play store.
This varies among phones, but in general you want to go into Settings > Apps > Special Access > Install Unknown Apps, and then make sure none of the apps on your phone are allowed to install apps on their own.
On older phones running Android 7 Nougat and earlier, it’s Settings > Security, then make sure Unknown Sources is toggled off.
You also want to be running one of the best Android antivirus apps, which will catch this malicious app before it installs.