New WhatsApp virus infecting devices via YouTube APK

By now, anyone would say that you do not need to have taken a cyber security course to know that downloading applications or files from unknown sources is unwise, although this is still a common practice, especially when threat actors manage to find a topic that interests their target users. Mobile security specialists have reported a new malware sample presented as a YouTube APK and sent via WhatsApp. The attack has been detected in several African countries, mainly in Kenya.

This fake YouTube app was recently discovered by developer Solomon ‘Jade’ Thuo, who explained how it works. Below is a screenshot to identify how it looks when a user receives it in the messaging service.

The first sign that something is wrong is that it is presented as a supposedly free YouTube APK, which makes no sense, as experts from a cyber security course point out, since the official YouTube app is already free. If users fall into the trap and install it anyway, the APK starts sending text messages to the user’s contacts after installation.

The APK then obtains permissions to read, send, and receive messages on the user’s device, as well as request administrator permissions on the Android system, which would allow it to erase and format the user’s memory card.

If it obtains these permissions, the APK starts sending text messages to other users requesting a transfer of a small amount, which indicates that the threat actors behind this campaign are targeting a large number of users rather than requesting large sums from a specific group.

The problem does not end there. According to the experts of the cyber security course, once its installation process is complete, the APK begins to carry out other malicious activities, mainly flooding the user’s device with invasive advertising. Specialists do not rule out that the APK also contains some variant of click-fraud malware that generates fake clicks. Finally, it should be noted that the developers of this APK did not include a user interface, so it goes unnoticed to the naked eye, which makes uninstalling it somewhat harder.
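The traits described above (SMS read/send/receive permissions, a device-administrator request, and no user interface) are all visible in an APK's manifest before it is ever installed, so they can be checked statically. The script below is an added example for that kind of triage; it is not code from the article or from the researcher it cites. The two manifests embedded in it are constructed samples, and the permission, action and category strings are the standard Android identifiers.

```python
"""Static triage of an Android manifest for the pattern described in the
article: SMS permissions, a device-admin receiver, and no launcher activity.

Added example, not code from the article. Sample manifests are constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANDROID_NAME = f"{{{ANDROID_NS}}}name"
ANDROID_PERMISSION = f"{{{ANDROID_NS}}}permission"

# SMS permissions the article says the fake APK acquires.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
}
# A device-admin receiver must be guarded by this permission.
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample mimicking the article's traits: SMS + device admin, no launcher.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeplayer">
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <uses-permission android:name="android.permission.RECEIVE_SMS" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <application android:label="YouTube">
        <receiver android:name=".AdminReceiver"
            android:permission="android.permission.BIND_DEVICE_ADMIN">
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
            </intent-filter>
        </receiver>
        <service android:name=".BackgroundService" />
    </application>
</manifest>
"""

# Constructed sample of an ordinary app: a launcher activity, no SMS, no device admin.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET" />
    <application android:label="Notes">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>
</manifest>
"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return the indicators found in a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NAME) for el in root.iter("uses-permission")}
    sms_perms = sorted(perms & SMS_PERMISSIONS)

    # Device-admin receiver: any <receiver> protected by BIND_DEVICE_ADMIN.
    device_admin = any(
        r.get(ANDROID_PERMISSION) == DEVICE_ADMIN_PERMISSION
        for r in root.iter("receiver")
    )

    # Launcher entry: an activity whose intent-filter carries MAIN + LAUNCHER.
    has_launcher = False
    for act in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for filt in act.iter("intent-filter"):
            actions = {a.get(ANDROID_NAME) for a in filt.iter("action")}
            cats = {c.get(ANDROID_NAME) for c in filt.iter("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                has_launcher = True

    return {
        "package": root.get("package"),
        "sms_permissions": sms_perms,
        "device_admin_receiver": device_admin,
        "has_launcher_activity": has_launcher,
    }


def risk_score(findings: dict) -> int:
    """Count how many of the article's three traits the manifest shows (0-3)."""
    score = 0
    if findings["sms_permissions"]:
        score += 1
    if findings["device_admin_receiver"]:
        score += 1
    if not findings["has_launcher_activity"]:
        score += 1
    return score


if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        findings = triage_manifest(xml)
        print(name, findings, "score:", risk_score(findings))
```

To use it on a real file, extract the manifest first (for example with apktool) and pass its text to `triage_manifest`; a score of 3 matches exactly the combination the article describes, while a missing launcher activity on its own is only a weak signal, since some legitimate background components also have none.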

The International Institute of Cyber Security (IICS) notes that the main security measure against these attacks is to completely ignore any supposed APK developed by strangers or downloaded from sources other than the official platforms, whether Apple’s or Google’s.