It poses as a Huawei app which users are tricked into downloading from a fake Google Play Store

Android users are being warned against Malware that spreads by automatically replying to victims’ WhatsApp messages.

The link connects its victims with a convincing web page resembling Google’s Play Store, with a fake ‘Huawei Mobile’ app.

Should users install and activate the malicious app, it’ll immediately ask for various permissions to perform its key functions, including access to contacts and permission to draw over other apps. This latter feature means it can run in the background while other apps are in use on the victim’s device. Users are also presented with a request to ignore battery optimisation, which if activated, means the app cannot be killed by the system if spare resources are needed. Finally, the malicious app demands access to notifications, specifically WhatsApp notifications, so it can scan for incoming messages and distribute further among contacts.

Once all the permissions are guaranteed and the malicious app is set up, it runs in the background and waits for instructions from the command and control server, as well as incoming WhatsApp messages so it can spread. When messages are received through WhatsApp, the malware scans for these and automatically sends a reply on the user’s behalf which includes the malicious link. This is accompanied with a message asking the contact to visit the fabricated Play Store page and download the fake Huawei app. The app surreptitiously only messages the malicious link to one contact once per hour. This is in order for the app not to arouse suspicions and remain in operation for as long as possible before detection and removal.

Are you concerned about your mobile security? Call our Team on 0345 450 9393 and have all your devices protected.