Lukas Stefanko, a well-known ESET researcher, has found new malware spreading via WhatsApp. It uses a fake Play Store link to download a supposed Huawei application, with a fairly credible approach to convincing users that they are downloading an official app.
The link redirects to a website that imitates the Play Store interface and offers an APK, presented as coming from Huawei, with which “we can win a mobile phone.” Once installed, the application requests permission to read notifications, to run in the background and to draw over other apps, which lets it overlay them to steal credentials.
Don’t download any app from unverified links
As reported by The Hacker News, there is a new worm on Android. The method is simple and quite credible for the average user: a WhatsApp message arrives inviting us to download an application to win a mobile phone. In general, it is always wise to refuse to download anything in exchange for gifts, since most such offers turn out to be less than honest.
The link appears to lead to the Play Store. The official link to a Google Play Store app is ‘https://play.google.com/store/apps/details?s’, and this link is practically identical, but it uses http, which should set off alarms because it is not a secure address. Once we click on the link, we see a website almost identical to the Play Store, from which we download the app.
The app, named Huawei3572.apk, opens with an interface showing Huawei logos. The first thing it does is ask for overlay permission, which is quite dangerous because it allows the app to draw over others to steal data. Second, it asks for permission to bypass battery restrictions and always run in the background. It also asks for access to notifications, so it has almost full permissions to settle in after installation.
Once all the permissions are granted, it shows a message saying that we are now entered in the raffle. It does nothing else and has no further interface, but it keeps running in the background, and the system cannot close it automatically.
Stefanko reports that the malware's code can send automatic replies to WhatsApp contacts containing the download link to the malware itself, which lets it keep spreading.
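As an added example (not from the original article or from ESET's analysis), the following Python function flags an app whose manifest asks for the three capabilities described above together: overlay, battery-restriction bypass and notification access. It assumes the APK's AndroidManifest.xml has already been decoded to text XML (for instance with apktool); the permission strings are the standard Android names, which the article itself does not list, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the android: namespace.
A = "{http://schemas.android.com/apk/res/android}"

# Standard Android permission names (assumed mapping to the article's wording).
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample manifest, not taken from the real Huawei3572.apk.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission
      android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>
"""

def triage_manifest(manifest_xml):
    """Report which of the three risky capabilities the manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    # Notification access is declared on a <service>, not via <uses-permission>.
    listeners = [s.get(A + "name") for s in root.iter("service")
                 if s.get(A + "permission") == NOTIF_LISTENER]
    findings = {
        "overlay": OVERLAY in requested,
        "ignore_battery_optimizations": BATTERY in requested,
        "notification_access": bool(listeners),
    }
    # The combination matters more than any single permission on its own.
    findings["all_three"] = all(findings.values())
    return findings

if __name__ == "__main__":
    for name, present in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{name}: {present}")
```

Each of these permissions has legitimate uses, so the combined flag is a prompt for manual review of a sideloaded app, not a verdict.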
Via | The Hacker News