Some Android users have been receiving a WhatsApp message that asks them to download an app to win a free mobile phone. If you have also received such a message, make sure you don't fall for the trap, as it could put data such as your contact list and personal details at risk.
According to ESET malware researcher Lukas Stefanko, Android users are at high risk of being affected by the wormable malware. The message in question reads "Download This application and Win Mobile Phone". Stefanko dug into the malware and found that the message prompts users to download a fake Huawei app, which asks for several permissions, including notification access so that it can instantly reply to WhatsApp messages with a link to the scammer's site. He further added that the malware spreads through the victim's WhatsApp by automatically replying to any WhatsApp message notification with the link to the malware.
Stefanko says, "The worm spreads via messages to WhatsApp contacts only when the last received message by the victim was sent more than an hour ago." He suspects that the delay was added intentionally to avoid suspicion among the victim's contacts, as receiving a link in response to every message might alert them.
A Twitter user with the username @ReBensk first saw and reported the malware. He claims that the malware aims to get advertising revenue for its operators using the fraudulent trick.
https://twitter.com/LukasStefanko/status/1352278725702856704?ref_src=twsrc%5Etfw
The malware is currently being exploited as an adware scam, but it is said to have the potential to distribute banking trojans, ransomware, or spyware.
The Huawei app might look authentic if you don't pay attention to details, but its unavailability on the Play Store should alert you. For those who don't know, downloading apps from the Play Store is safe as it puts a layer of security to verify the developer's authenticity. The malware asks you to download an app from the web to get around those security layers, which, in general, is the biggest red flag.
“This is a malicious app that tricks people into downloading it and sending phishing messages through permissions granted by the Android operating system. We are reporting this to the domain provider that the phishing service is using to take action and to protect against this abuse,” a WhatsApp spokesperson was quoted as saying by MailOnline.
If you install the app, it will request you to enable permissions like sending notifications, access to draw over apps, and ignore battery optimization. DO NOT DO IT! Even if you download an app from the Play Store, make sure you understand why it needs each permission and what it compromises.
We suggest you disregard such messages, block and report the sender, and delete the message right away. Also, always avoid engaging with the message, even for fun, as you might put yourself and your contacts in harm's way.
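For anyone triaging a sideloaded APK, the permission set described above can be checked in the app's decoded `AndroidManifest.xml` (for example, as produced by apktool). The sketch below is an added example, not code from ESET or the original article; the mapping of the article's wording to manifest identifiers is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the article's wording to Android manifest identifiers.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
LISTENER_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"
XMLNS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed listener declaration shared by both constructed sample manifests.
LISTENER_SERVICE = f"""<application><service android:name=".Listener"
    android:permission="{LISTENER_BIND}">
  <intent-filter><action android:name="{LISTENER_ACTION}"/></intent-filter>
</service></application>"""

SAMPLE_FLAGGED = f"""<manifest {XMLNS} package="com.example.constructed.prize">
  <uses-permission android:name="{OVERLAY}"/>
  <uses-permission android:name="{BATTERY}"/>
  {LISTENER_SERVICE}
</manifest>"""

SAMPLE_LISTENER_ONLY = f"""<manifest {XMLNS} package="com.example.constructed.wear">
  <uses-permission android:name="android.permission.INTERNET"/>
  {LISTENER_SERVICE}
</manifest>"""


def triage_manifest(manifest_xml):
    """Return the sorted capabilities from the article's list that the manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    found = set()
    if OVERLAY in requested:
        found.add("draw_over_apps")
    if BATTERY in requested:
        found.add("ignore_battery_optimization")
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        # Notification access needs a service guarded by the bind permission
        # that also advertises the listener action.
        if svc.get(ANDROID_NS + "permission") == LISTENER_BIND and LISTENER_ACTION in actions:
            found.add("notification_access")
    return sorted(found)


def needs_review(manifest_xml):
    """True when all three capabilities appear together; a prompt for manual review."""
    return len(triage_manifest(manifest_xml)) == 3
```

Legitimate apps can request any one of these on its own, so the combination in an app obtained outside the Play Store is a reason to look closer rather than a verdict.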