An Android worm named WhatsApp Pink malware has been found spreading and targeting WhatsApp users in the Indian subcontinent.
The worm has been updated with advanced capabilities that can automatically respond to messages received on multiple instant messaging apps.
What has happened
A security researcher has warned WhatsApp users of a new malware spreading via WhatsApp group messages containing links to scam sites. The app promotes itself to be a pink-themed version of WhatsApp.
- The malicious application is spreading via malicious links appearing within messages that read: Apply New Pink Must-Try New WhatsApp. http://XXXXXXXX/?whatsapp.
- When a user clicks on the link, they will be redirected to a page where they can download the WhatsApp Pink malware APK. The page has a download button that, when clicked, downloads the malicious file, WhatsappPink[.]apk.
- This worm is in fact a variant (detected as Android/Spams.V) of another malware, a fraudulent Huawei app, that was spotted earlier this year. It can auto-reply to messages received on Signal, Viber, Skype, and Telegram.
Recent attacks on WhatsApp
In recent months, there had been several incidents where malware mimicked legitimate WhatsApp applications or threat actors used malicious links to spread and infect unsuspecting users with malware.
- A threat group, Arid Viper, was found using 41 phishing sites to spread its Android spyware with snooping features. The spyware pretended to be fake versions of messaging apps WhatsApp and Threema.
- Recently, Check Point Research discovered the FlixOnline malware hidden in a fake application on Google Play. The malware has the ability to propagate itself via users’ WhatsApp messages.
Researchers surmise that this latest variant of Whatsapp Pink malware could be just a test and they hinted that more variants may be spotted in the near future. Thus, users who have downloaded this malicious app can remove it from the Settings and App Manager submenu. In addition, users should scan their Android device with an anti-malware app.