According to Lukas Stefanko, author of the security report, the goal of the operators is to trick users into tricking users into installing adware on their systems or exposing them to unauthorized subscription scams: “The malware is deployed via services like WhatsApp, forcing the app to automatically respond to any message containing a link to a malicious version of Huawei Mobile”, the researcher mentions.
This link redirects users to a site that looks similar to the official Google Play Store where users are asked to download a malicious app that asks users for access to sending notifications, a critical factor in deploying a successful attack. This attack focuses on WhatsApp’s quick reply feature, used to respond to an incoming message directly from the notification bar. Below is an example of how the virus is deployed via messaging applications.
In addition to accessing system notifications, this malicious application also requests permission to run in the background and modify settings of other applications, which could lead to the theft of authentication credentials. Analyzed in an earlier version, it was found that the application code may send automatic responses to the victim’s WhatsApp contacts; however Stefanko believes that later versions of this malware will be able to send responses through other Android applications that have settings similar to those of WhatsApp.
Automatic replies are sent to the same contact once an hour, although the content of the message and malicious link are retrieved from a remote server; In other words, malware can be used to spread other websites and malicious applications. Stefanko also mentions that he found it impossible to determine exactly how the initial infection occurs, although he mentions that there are multiple possibilities: “It all starts with sending text messages, emails, social media posts, using chat groups, among other options.”
For more information on vulnerabilities, exploits, malware variants, cybersecurity risks and information security courses, feel free to access the International Cyber Security Institute (IICS) website.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.