The new malware is transmitted via WhatsApp messages and has a high potential to spread, it is still unclear what its potential is.
WhatsApp, Google Play Store and Huawei: three big names of the digital world exploited together by hackers to spread a virus. A worm, to be precise, that is a malware that replicates itself by spreading among our contacts to amplify its spread as much as possible. In this case, it spreads among WhatsApp contacts.
To discover it was a semi-anonymous security researcher, who on Twitter is present with the profile @ReBensk. Lukas Stefanko, a cybersecurity researcher at Eset, relayed the news and also posted a video on Twitter and YouTube showing how this virus works. The malware hasn't been given a name yet but since only an Android version has been found at the moment, and not an iOS one as well, Stefanko generically calls it "Android WhatsApp Worm". This malware is spread via a fake Huawei Mobile app that the user downloads from a fake Google Play Store. Here is how the infection works.
How Android WhatsApp Worm Works
The Android WhatsApp Worm infection, we will also call it by this generic name pending further analysis to identify its exact family, starts with a message received on WhatsApp.
The message, in English, invites you to download an app to win a smartphone. The link included in the message mimics Google's Play Store address very well. If the user clicks on it, he is taken to a fake Play Store to download the fake Huawei Mobile app.
After downloading and installing, the app asks for a lot of permissions to operate, which it will need later to spread the virus further.
How to Replicate Android WhatsApp Worm
At this point everything is ready to spread Android WhatsApp Worm infection further. When someone sends a WhatsApp message to the person with the infected smartphone, the worm automatically goes into action and responds on its own by sending that contact the same message with the link to download the app.
The message is repeated every hour. The result is a chain, aimed at infecting as many smartphones as possible. To do so, the worm takes advantage of WhatsApp's "smart reply" feature, which allows you to reply to received messages directly from the notification area without opening the app. This makes it more difficult to notice that something is wrong with your smartphone.
What Android WhatsApp Worm Does
At the moment, this virus does not seem extremely dangerous: it just self-replicates without doing anything else. So it might be a first successful experiment by a young hacker.
But according to Stefanko it might be just the first phase of a campaign to defraud advertising circuits: when enough smartphones are infected, an adware (i.e. the virus that opens banner ads in the background) will be activated.