Analysis of Android worm that spreads via WhatsApp messages to your contacts
This malware spreads through the victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to a malicious Huawei Mobile app. The message and link to be sent are received dynamically from the C&C server. Replies are sent via Android notification Direct Reply actions (when you receive a WhatsApp message notification, you can immediately “Reply” or “Mark as read”/dismiss it). That is what the malware misuses to reply.
The message is sent only once per hour to the same contact.
Its main functionality appears to be adware or a subscription scam.
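Android only exposes other apps' notifications, including their Reply actions, to an app the user has granted notification access, so auditing that grant is a practical device check. The following is an added example, not part of the original analysis: it cross-references the output of `adb shell settings get secure enabled_notification_listeners` with `adb shell pm list packages -i` and lists listeners that did not come from a trusted store. The package names, sample data and trusted-installer list are constructed assumptions.

```python
import re

# Installers treated as trusted stores (assumption; adjust for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_listeners(value):
    """Parse `settings get secure enabled_notification_listeners` output:
    colon-separated flattened component names (package/class)."""
    value = value.strip()
    if not value or value == "null":
        return []
    listeners = []
    for comp in value.split(":"):
        pkg, _, cls = comp.partition("/")
        if pkg and cls:
            # A leading "." is shorthand for the package name prefix.
            listeners.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return listeners

def parse_installers(text):
    """Parse `pm list packages -i` lines: package:<name>  installer=<name|null>."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", text, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def suspicious_listeners(listeners_value, packages_text):
    """Return (package, class, installer) for each notification listener
    whose package was not installed by a trusted store."""
    installers = parse_installers(packages_text)
    flagged = []
    for pkg, cls in parse_listeners(listeners_value):
        src = installers.get(pkg)  # None: sideloaded, preinstalled or unknown
        if src not in TRUSTED_INSTALLERS:
            flagged.append((pkg, cls, src))
    return flagged

# Constructed sample output (hypothetical package names, not from the sample).
SAMPLE_LISTENERS = ("com.example.wearsync/.NotifService:"
                    "com.example.sideloaded/com.example.sideloaded.svc.Listener\n")
SAMPLE_PACKAGES = """package:com.example.wearsync  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.whatsapp  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, cls, src in suspicious_listeners(SAMPLE_LISTENERS, SAMPLE_PACKAGES):
        print(f"review: {pkg} ({cls}) installer={src}")
```

Preinstalled system apps can also report `installer=null`, so treat the result as a list to review rather than a verdict.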
Warning: Be cautious when analyzing this malware; it isn't a test sample, it is actual Android malware found in the wild that will harm your device.
Discovered by @ReBensk: / 1352201093728518149
Sample: koodous.com/apks/1adeaa0dc086...
More information: www.welivesecurity.com/2021/0...
Follow me on Twitter: / lukasstefanko
Jan 21, 2021