WhatsApp Pink Malware Automatically Replies to Signal, Skype Messages
A WhatsApp Malware Dubbed WhatsApp Pink Has the Ability to Automatically Respond to Victims’ Signal, Telegram, Viber, and Skype Messages.
Earlier this week, a blog post published by ESET researchers reveals that a new update to the fraudulent WhatsApp Pink app is capable of automatically replying to your messages from a variety of apps, including Signal, Viber, Telegram, and Skype.
The new Android malware was first reported by security expert Rajshekhar Rajaharia. It seems to have been first spotted in India, where it was shared in various massive chat groups on popular instant messaging services.
According to ESET researcher Lukas Stefanko,
In order to install the malicious app, users are prompted to allow the installation of apps from places other than the official Google Play store, thus removing a key – and enabled-by-default – security precaution on Android devices.
However, the malware does request permission to access the user’s notifications.
Once the installation is completed and the user clicks on “WhatsApp Pink”, the app hides, pretending that the installation process never took place. Soon after, victims receive a message, to which they will have to reply in order to unwittingly cause the malware to spread further.
The “#WhatsApp Pink” trojan can now auto-reply to received messages not only on WhatsApp, but also Signal, Skype, Viber and Telegram. The replies link to a malicious website further distributing the malware. #ESETresearch @LukasStefanko 1/3 pic.twitter.com/B5X0DEQTx2
— ESET research (@ESETresearch) April 19, 2021
Although apps like Signal, WhatsApp, and Skype protect communications and messages In transit, data Resting may be accessible to the person who has the device or the malicious app running on the device. As a result, end-to-end encryption should not be misinterpreted as protection against compromise by a final device using malicious apps like WhatsApp Pink.
The malicious app also requests other permissions, including to draw over other apps, which allows it to overlay over any other applications running on the device, and to ignore battery optimization, which enables it to run in the background and prevents the system from killing it off even if it starts draining the device’s power and resources.
Stefanko warned that this may just be a “test version” and we may see a more malicious variant in the future, and, additionally, the website could be used to host various types of malicious payloads.
Users who have downloaded the WhatsApp Pink application can remove it from the Settings and the App Manager submenu. To make sure the malware removal was successful, it is highly recommended to scan your Android device with a mobile antivirus solution.