WhatsApp Pink malware spreads via group chat messages

A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages.

A WhatsApp malware dubbed WhatsApp Pink has now been updated, authors have implemented the ability to automatically respond to victims’ Signal, Telegram, Viber, and Skype messages.

WhatsApp Pink is a fake app that was first discovered this week, it poses as a “pink” themed version of the legitimate app. The tainted app includes malicious code that allows attackers to fully compromise a device, most of the infections were reported by WhatsApp users in the Indian subcontinent

The security expert Rajshekhar Rajaharia recently discovered that WhatsApp Pink is able to spread via group chat messages that contain APK download links.

Beware of @WhatsApp Pink!! A Virus is being spread in #WhatsApp groups with an APK download link. Don’t click any link with the name of WhatsApp Pink. Complete access to your phone will be lost. Share with All..#InfoSec #Virus @IndianCERT @internetfreedom @jackerhack @sanjg2k1 pic.twitter.com/KbbtK536F2— Rajshekhar Rajaharia (@rajaharia) April 17, 2021The link shared via group messages points to a page where visitors can download the WhatsApp Pink APK (WhatsappPink.apk).

Early this year, the ESET malware researcher Lukas Stefanko discovered an Android malware implementing wormable capabilities, like WhatApp Pink, it was spreading through WhatsApp chat messages.

Below the video shared by Stefanenko showing WhatsApp Pink:

https://www.instagram.com/reel/CN10sNGg2b8/?igshid=ayxxmsjaobv0

“This updated version of the Trojan does not send automatic responses only to messages that arrive from WhatsApp, but also to messages received in other instant messaging applications, which could be the reason for its apparent wider spread,” said Stefanko.

“The Trojan sends these automatic responses to any message that the user receives in applications such as WhatsApp, WhatsApp Business, Signal, Skype, Viber, Telegram.”

The “#WhatsApp Pink” trojan can now auto-reply to received messages not only on WhatsApp, but also Signal, Skype, Viber and Telegram. The replies link to a malicious website further distributing the malware. #ESETresearch @LukasStefanko 1/3 pic.twitter.com/B5X0DEQTx2— ESET research (@ESETresearch) April 19, 2021Once the app is installed on the device, when the user will click on its icon, the app disappears claiming that it was never even installed.

“The victim will then receive a message, to which they will have to reply in order to unwittingly cause it to propagate further.” reads the post published by ESET.

Experts from ESET speculate the app is under development, it could be a “test version,” and more malicious variants could be developed in the future.

The good news is that Android users that have installed the WhatsApp Pink app can simply remove it from the Settings and the App Manager submenu.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, WhatsApp)

The post WhatsApp Pink malware spreads via group chat messages appeared first on Security Affairs.