Android WhatsApp Worm | spreads via WhatsApp messages to contacts | impersonates Huawei Mobile app 

Android Infosec

Analysis of Android worm that spreads via WhatsApp messages to your contacts
This malware spreads via the victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to a malicious Huawei Mobile app. The message and link to be sent are received dynamically from the C&C server. Replies are sent via Android notification Direct Reply actions (when you receive a WhatsApp message notification, you can right away “Reply” or “Mark as Read/dismiss”). That is the feature the malware misuses to reply back.
The message is sent only once per hour to the same contact.
Its main functionality looks to be adware or subscription scam.
Warning: Be cautious when analyzing malware. This isn't a testing sample; it is actual Android malware found in the wild that will harm your device.
Discovered by @ReBensk: / 1352201093728518149
Sample: koodous.com/apks/1adeaa0dc086...
More information: www.welivesecurity.com/2021/0...
Follow me on Twitter: / lukasstefanko

Published: 21 Jan 2021

Comments: 51
@ciph3r836 3 years ago
Such neat research. The malware author is quite resourceful
@kinjamuruvatin6971 3 years ago
Great demonstration!! Thank you!!
@imatifktk 3 years ago
Brilliantly researched analysis!!!
@mobilehacker 3 years ago
Thanks a lot Atif!
@bijuverghese8012 3 years ago
Hi Lukas Stefanko, nice demo by the way. How can we verify if the developer is a genuine one or not, like the Huawei one in the demo which you showed just now? I was thinking, if this could happen with Huawei then it can happen with other apps in the Google Play Store also. How can users who are not technically sound protect themselves from being victims of such malware?
@ankshitdey3126 2 years ago
Good job, nowadays your sound quality is better
@matthewlemon 3 years ago
If you check the APKs on something like VirusTotal, most of the top AVs detect the fact that it's a virus.
@currency9641 3 years ago
Nice I am from India
@karakurt8516 3 years ago
Is it possible that the hacker sends a picture of his own gallery instead of a message?
@arthursumer6012 3 years ago
bro I want to try to analyze this APK. Can you give me a download address?
@johnantony7803 3 years ago
I have just clicked the link but didn't download the app; I came back... Is that OK? Please reply
@RedOpsArena 3 years ago
Nice video bruh ❤️
@RedOpsArena 3 years ago
But why didn't Google Play Protect scan the source code
@izpcshop7326 3 years ago
@@RedOpsArena it's a fake Google Play Store website.
@mughalmughal9212 2 years ago
Nice
@IvanSchob 3 years ago
super video like to you
@sivakillergaming9686 3 years ago
😍😍😍😍😍😍😍😍
@nayelialmonasi9948 3 years ago
What if you uninstall the app? Does it stay in the system or is it completely deleted?
@mobilehacker 3 years ago
If you uninstall the app, it would be completely deleted from the system. It doesn't use such tricks.
@nayelialmonasi9948 3 years ago
@@mobilehacker Oh I see. It only affects as long as it is installed and has all the permissions. Right?
@mobilehacker 3 years ago
@@nayelialmonasi9948 Yes, it affects only as long as it is installed. It doesn't have all the permissions, which could have been suspicious for the user, since the user has to manually enable them, but only the permissions that are necessary for its functionality.
@nayelialmonasi9948 3 years ago
@@mobilehacker One last question. How did you analyze the app? I mean, you extracted the APK and... How did you get its code? Is it reverse engineering?
@mobilehacker 3 years ago
@@nayelialmonasi9948 yes, I used reverse engineering to decompile the APK and then identify its functionality
@kwakuboateng6987 3 years ago
What language was the malware written in?
@mobilehacker 3 years ago
Java
@anandvamsi 3 years ago
I want app link
@erpandistro4118 3 years ago
Are you androidmalware on Instagram?
@editing_with_ajay 2 years ago
Who is from INDIA?
@DkReaction27 4 months ago
Me
@teslagaming7444 3 years ago
What will the developer of this fake application get by doing this?
@mobilehacker 3 years ago
Its main functionality looks to be adware or subscription scam. Also, at some point, it can switch and start to send more dangerous types of malware or phishing websites to WhatsApp contacts.
@A-M182 3 years ago
@@mobilehacker can an iPhone get that worm too?
@mobilehacker 3 years ago
@@A-M182 no, iPhone can't get that worm
@A-M182 3 years ago
@@mobilehacker thank you, I was a bit afraid
@santosh5572 3 years ago
Could you give that app link?
@mobilehacker 3 years ago
You can download the APK sample from here: koodous.com/apks/1adeaa0dc086ed8e362f5aa9335af23866fb2eafcf1b73dd66465f48aadee5f7
@arthursumer6012 3 years ago
@@mobilehacker I can't find a place to download
@mobilehacker 3 years ago
@@arthursumer6012 Koodous requires registration before allowing you to download any APK samples.
@arthursumer6012 3 years ago
@@mobilehacker thank you bro
@naky73able 3 years ago
v
@thomas_mensen3080 3 years ago
Make longer vids