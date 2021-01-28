

A cybersecurity expert from ESET, a developer of antivirus and protection software, has discovered Android malware that spreads through WhatsApp, posing as a Huawei application.

The new attack arrives over WhatsApp through a fake Huawei application and gains access to the permissions and information of the operating system.

Once the link is accessed, the malware spreads through the operating system and uses its permissions to run an adware campaign. Adware is a form of malware that displays ads to the user while monitoring all their behavior on the network to accumulate data and display specific ad groups.

Moreover, this malware is capable of replicating itself to infect other users. It can automatically respond to any WhatsApp message notification received by the victim, sending the link to download the Huawei mobile application that contains the malicious software.

In this way, the malware reaches the victim as a WhatsApp message inviting them to download and install a Huawei application. By clicking on this link, the victim is redirected to a fake website that perfectly imitates the Google Play Store. Once the malicious application is downloaded and installed, it spreads through the operating system, accessing the permissions it needs to carry out the attack.


The malware asks users for permission to send notifications, which it takes advantage of to activate an automatic response function that allows it to reply to any WhatsApp message that is received. This response is made directly from the notification area, without unlocking the device, so the user is not aware of it.

These messages, sent once an hour to the same contact, come from a remote server, which raises the possibility that the attacker could change the content to distribute other malicious applications.

Lastly, this malware is especially dangerous because it runs in the background over other applications, which could mean that it has access to the login credentials or sensitive and personal information of other applications.
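A defender can audit a device for the combination described above: an app installed from outside an app store that also holds notification access. The following is an added example, not code from ESET or from this article; it assumes the auto-reply relies on Android's notification access setting, and the package names and command output are constructed samples.

```python
import re

# Installers treated as trusted stores (assumption; adjust to fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_listeners(settings_value):
    """Packages in `settings get secure enabled_notification_listeners`
    output, a colon-separated list of package/class component names."""
    value = settings_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i -3` output
    (-3 restricts the listing to third-party, user-installed apps)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def sideloaded_listeners(settings_value, pm_output):
    """Third-party apps that hold notification access but were not
    installed by a trusted store. Preinstalled apps are absent from
    the -3 listing and are therefore skipped."""
    installers = parse_installers(pm_output)
    return [(pkg, installers[pkg])
            for pkg in sorted(parse_listeners(settings_value))
            if pkg in installers
            and installers[pkg] not in TRUSTED_INSTALLERS]

# Constructed sample output; every package name here is hypothetical.
SAMPLE_LISTENERS = (
    "com.example.oem.launcher/.NotifListener:"
    "com.example.smartwatch/.NotifService:"
    "com.example.fakehuawei/.AutoReplyService\n"
)
SAMPLE_PM = """\
package:com.example.smartwatch  installer=com.android.vending
package:com.example.fakehuawei  installer=null
package:com.example.browserdl  installer=com.example.files
"""

if __name__ == "__main__":
    for pkg, installer in sideloaded_listeners(SAMPLE_LISTENERS, SAMPLE_PM):
        print(f"review: {pkg} has notification access, installer={installer}")
```

On a real device the two inputs come from `adb shell settings get secure enabled_notification_listeners` and `adb shell pm list packages -i -3`.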
