Android warning: Malicious text can install a WORM on your phone – and it infects any friends who message you on WhatsApp too
- Worm is designed to gain control of other apps also installed on the phone
- Shows a fake, but convincing, screen that looks as if it is from the legitimate Play Store
- Asks user to download a ‘Huawei Mobile’ app which is also a convincing fake
- Experts urge people to only download apps from the Google Play Store and not from WhatsApp links
Android users are being targeted by a piece of malicious software which tricks users into downloading a fake app that also targets the devices of friends via WhatsApp.
The so-called ‘worm’ can only infect a person’s phone if they receive the message themselves and click on the link it contains.
It then asks the user to enable a variety of functions and permissions. These activate a hidden capability which means that when the phone receives a WhatsApp message it will instantly reply with a link to the dodgy site.
The intention of the scam is to bombard people with ads, which creates revenue for criminals, or to dupe people into signing up for a subscription service.
However, the tech could also be easily adapted to become more sinister and steal personal information as well as bank details, experts warn.
The worm automatically sends a message to anyone who has messaged the user via WhatsApp. The reply is pinged out no more than once an hour to avoid looking like blatant spam and reads ‘Download This application and Win Mobile Phone’.
The accompanying URL is made to look like a Google link in order to trick the recipient, but it is another hoax.
If a person does click the link it brings up a site which is a convincing clone of the Google Play store but is in fact a phoney.
It asks the person to download an app called ‘Huawei Mobile’. This is not a real Huawei app and is made by the scammers.
If a person does click the link in the WhatsApp message it brings up a site which is a convincing clone of the Google Play store (left) but is in fact a phoney. It asks the person to download an app called ‘Huawei Mobile’. This is not a real Huawei app and has been created by the scammers. If a person presses ‘install’ and approves the requests (pictured), the cycle continues.
HOW TO AVOID ANDROID ‘WORMS’
The WhatsApp scam which uses a fake Google Play Store screen and a phoney Huawei app to trick customers is the first of its type to be found on mobile devices.
It involves the user allowing a bunch of permissions under the pretence of winning a new phone, unwittingly granting the malware control over all apps on the phone.
It uses this ability to auto-reply to WhatsApp messages once an hour per contact. Once it is in the phone, it is hard to remove and the device has already been breached.
The best protection is prevention, and to avoid allowing the worm onto the phone in the first place.
Only download apps that are on the legitimate Play Store app.
Do not trust sites which are accessed via a link; go directly through the Play Store instead, as apps there are vetted and official.
A WhatsApp spokesperson told MailOnline: ‘This is a malicious app that tricks people into downloading it and sending phishing messages through permissions granted by the Android operating system.
‘We are reporting this to the domain provider that the phishing service is using to take action and to protect against this abuse.
‘We strongly encourage people never to install apps from untrusted sources and to never tap unusual or suspicious links.
‘We also encourage people to report messages like this as soon as possible so that we can take action.’
Lukas Stefanko, a researcher at cybersecurity firm ESET, discovered the malware and posted a video to YouTube showing how it functions.
Ray Walsh, a technology expert at ProPrivacy, says the scam has the potential to steal personal information and credentials.
‘It appears that the primary aim of the malware is to trick victims into falling for an adware subscription scam, which leads to the victim being defrauded,’ he says.
‘This is the first worm type attack that spreads via WhatsApp messages, and what is concerning is that it could actually be expanded to work with other messengers that leverage Android’s quick reply feature too.
‘Users are reminded that they should not download any apps unless they have found them in the official app store, and to remember never to download any apps after clicking on links in a WhatsApp message.’
Jake Moore, a Cybersecurity Specialist at ESET, is encouraging people to be careful and vigilant when sent links on any platform that they do not recognise or that seem unusual.
‘People must be extremely careful when receiving any link, but especially when the link is to what appears to be an app store.
‘Although it only works on specific phones, this malware has the potential of stealing banking passwords or encrypting the phone altogether which can bring further damage.
‘Using WhatsApp to drive this malware works to its advantage as many people use the messaging platform and will believe it to be genuine when they first view the message.
‘The message coming from their contacts just heightens the perceived verification from someone they trust.’