Posted on 04/08/2021 12:33:55 PM PDT by Red Badger
A new form of Android malware has begun spreading itself by creating auto-replies in WhatsApp. Check Point Research recently discovered the malware in a fake application on Google Play.
Now, for any users who have downloaded the malicious application and granted the necessary permissions, the malware can use the auto-reply messages in WhatsApp to send the users an evil payload via a command-and-control (C&C) server. This eclectic strategy could be helping attackers to carry out phishing attacks, steal credentials and WhatsApp data as well as spread false information, among other illicit activities.
The fake app on Google Play was called "FlixOnline," a false service claiming to allow users to utilize the Netflix streaming service from anywhere in the world. However, rather than provide access to Netflix, the app actually interacts with the user's WhatsApp account to send those fake auto-replies. In fact, threat actors can even extort users by threatening to sell their personal WhatsApp conversations and data to all of the users' contacts.
Once a user downloads and installs the application from the Play Store, the malware initiates a service that requests "Overlay," "Battery Optimization Ignore" and "Notification" permissions. Permissions such as Overlay enable attackers to open new windows on top of existing applications for purposes of creating fake login portals to steal user credentials. Battery Optimization Ignore allows the attacker to keep the malware running even after the phone goes idle in order to conserve battery power. Finally, the Notification permission lets attackers view all notifications regarding messages sent to the user's device, including the ability to dismiss or reply to these messages.
Once such permissions are obtained, the malware hides its icon so the software can't be easily deleted. The application conceals itself using updates from the C&C server that routinely changes the malware's configuration. A way this configuration altering might happen involves the C&C server performing an update of the application once the device runs the malware. Specifically, the server uses the OnNotificationPosted callback in order to automatically update the malware.
In fact, as soon as the malware detects a new message notification, the evil app hides the notification from the user so only the malware can view the message. Next, the malware initiates the callback to send the user the fake auto-reply.
Since Check Point Research informed Google about this malicious app, Google has since removed the evil application from the Play Store. Prior to removal, this app was downloaded approximately 500 times.
More information: Hazum, A., et al. "New Wormable Android Malware Spreads by Creating Auto-Replies to Messages in WhatsApp." Check Point Research, Check Point Software Technologies, 7 Apr. 2021, research.checkpoint.com/2021/n … essages-in-whatsapp/.
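A defender's check for the permission combination the article describes (notification access, overlay, battery optimization exemption), as an added example that is not part of the original post or of Check Point's report. It assumes the output formats of the three adb commands named in the comments; all package names and sample output are constructed.

```python
# Flag apps holding the permission trio from the article. Sample data is constructed.

# adb shell settings get secure enabled_notification_listeners  (assumed format)
NOTIF_LISTENERS = (
    "com.example.wearsync/com.example.wearsync.NotifService:"
    "com.example.streamfree/com.example.streamfree.Listener"
)
# adb shell appops query-op SYSTEM_ALERT_WINDOW allow  (assumed: one package per line)
OVERLAY_ALLOWED = """\
com.example.chatheads
com.example.streamfree
"""
# adb shell dumpsys deviceidle whitelist  (assumed: "type,package,uid" per line)
IDLE_WHITELIST = """\
system-excidle,com.android.providers.downloads,10012
system,com.google.android.gms,10013
user,com.example.streamfree,10171
user,com.example.wearsync,10154
"""

def notification_listeners(raw):
    """Packages with notification access ("pkg/class" entries joined by ':')."""
    return {c.split("/", 1)[0] for c in raw.strip().split(":") if "/" in c}

def overlay_packages(raw):
    """Packages allowed to draw over other apps."""
    return {line.strip() for line in raw.splitlines() if line.strip()}

def user_battery_exemptions(raw):
    """Packages the user (not the system image) exempted from battery optimization."""
    rows = (line.strip().split(",") for line in raw.splitlines())
    return {r[1] for r in rows if len(r) == 3 and r[0] == "user"}

def audit(listeners_raw, overlay_raw, whitelist_raw):
    """Return {package: [capabilities]} for apps holding two or more of the three."""
    caps = {
        "notification access": notification_listeners(listeners_raw),
        "overlay": overlay_packages(overlay_raw),
        "battery optimization ignore": user_battery_exemptions(whitelist_raw),
    }
    report = {}
    for name, pkgs in caps.items():
        for pkg in pkgs:
            report.setdefault(pkg, []).append(name)
    return {p: c for p, c in sorted(report.items()) if len(c) >= 2}

if __name__ == "__main__":
    print(audit(NOTIF_LISTENERS, OVERLAY_ALLOWED, IDLE_WHITELIST))
```

An app that appears with all three capabilities and has no launcher icon deserves immediate review; legitimate companion apps often hold two of them.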
Ping!.................
Great. Just great.
I have a crap L51 android I have to use for work. I almost never use it except to charge it and delete some texts and the occasional voicemail and update the OS when it sends an alert.
I never browse on it in Firefox.
I have disabled FB, Chrome, never turned on Whatsapp
Almost every day I see a new “app” has been installed, with a little green or yellow munchkin bug icon.
Anyone know how to stop this?
Apps install w/out knowledge nor consent? That’s a whole lot of wrong. Can’t help you with the particulars of the droid, though
I trashed whatsapp 3 months ago
Thanks for the heads up. I live in Central America where WhatsApp is like the national phone company. You can’t really get by without it. However, I have no desire to watch NetFlix so I would not be tempted to download the app.
Check Point, I believe, is the parent company of ZoneAlarm, the PC firewall software.
Zone Alarm is still around?! wow, haven’t heard that name in a decade & 1/2...
(I think BlackIce was the same company, wasn’t it?)
Speaking of those... I wonder if they will ever get PeerGuardian back up and running.
I’m still (happily) on Windows 7 (with updates turned off for over two years). I’ve saved some old downloads and one was a firewall program from ZoneAlarm back when it was primarily selling firewall software. Nice simple effective program.
So I have the old program on my Win7 machine and it runs great. One time it asked me to upgrade and, when I did, it wanted to compete with my antivirus and antimalware programs, creating more trouble than it was worth so I uninstalled it and reinstalled the old simple software. That’s why I recognized the name CheckPoint.
Like some other products I’ve enjoyed, this probably got sold to a company that didn’t understand what they had and set about ruining it like yankees that buy up cajun food businesses only to kill them by yankeefying the product (been there, seen that).
One giant misnomer in business is that when a product says they’ve improved it, watch out. Sometimes it’s better but, just as often, it’s not which is why I won’t use Windows 10.
With my “Winblows” experience (I started messing with it at 3.0), after about a week, I would uninstall.. reinstall DOS 6.whatever (last I had was 6.22)...
Was a monthly routine, install latest Windows.. then go back to DOS..
XP.. I gave up DOS.
ME.. (I was wishing DOS was still around :P) .. went back to XP
(Around 2000, switched to RedHat).. then back to XP.
Win2000 came around (great for multi-chip, not for gaming)... went back to XP (Linux was a PITA)..
Bounced between Linux and XP..
VISTA came out —> back to XP...
Win7 came out... loved it.
FORCED upgrade.... (re-installed Win7 from backup)...
Switched to Linux Mint (with back-up Win7 for games).. learned to dual-boot.
Been dual-boot since. (Mint deserted KDE.. experimented with several DEs.. liked NONE of them.. settled with Kubuntu).
Now, have to settle with WinBlows 10 and Kubuntu... :p
Have been keeping Kubuntu updated, but haven’t got to learn it yet (WINE, etc.).. but will be working on that.
I do miss Win7 though.
btw.. missed many steps in there, but, you have the picture ;)
It’s usually in ‘SETTINGS’ that you can choose manual or auto installation of new ‘apps’, usually under Privacy or Security................
I try to keep the apps to a bare minimum on my android for reasons of performance and storage. I usually pare down the apps every so often, throwing apps off that I don’t use regularly. This is just another reason to follow that strategy.
All I needed to know was that Microsoft was forcing upgrades to Windows 10 in the middle of the night to know this was for Microsoft’s reasons, not their customers’. I came home late from work one night and there it was, switching over without my approval.
I killed the upgrade and disconnected my modem. When I rebooted, it told me the upgrade had not finished and would I like to continue. I clicked “no”. It then started a routine to uninstall the upgrade and return me to Windows 7. I sent Microsoft a sternly-worded (and likely ignored) e-mail about how this was a betrayal of customer confidence.
Someone even wrote a clever script to refuse any upgrade attempts to Win10 and I turned off the upgrade option (which I’m told is no option in Windows 10). Then I bought a CD copy of the Windows 7 operating system in case I needed it to reinstall. Haven’t needed it yet in two years despite all the warnings that my machine would go to hell once Win7 was no longer supported.
I gave Linux a try and could never get the hang of it. Besides, almost all the work-related machines I had to troubleshoot were running a version of Windows, not Linux. I don’t begrudge those who think Apple OS or Linux is better than Windows. They’re just not for me.
NEVER EVER NEVER NEVER EVER Use Whats APP!
The chicoms are all over it. Along with the CIA and Ruskies. But seriously. Don’t use it.
I’ve been using telegram. I know not perfect, but still better than whats app.
Oh and signal, guess who pushes that? The NSA. And guess who can read the messages? The NSA.
Thank you, I may have found the setting!
I couldn’t find it when I went through everything on Settings/ Privacy or Settings/Security but when I searched “install” I found a Special App Access / Install Unknown Apps, and in there, 4-5 of my apps were set to be allowed to install other apps! (turned them off)
Included GoodRX, Drugs.com and Dropbox.
Will see if this does it, thank you again.