WhatsApp worm spreading Android malware — protect yourself now [updated]

WhatsApp worm spreading Android malware — protect yourself now
(Image credit: NurPhoto / Getty Images)

Updated with comment from WhatsApp.

WhatsApp is being used to spread a malicious Android app, according to a prominent security researcher.

Lukas Stefanko of ESET, following up on a tip from Twitter user @ReBensk, detailed the WhatsApp worm in a YouTube video (embedded below). If an infected phone receives a WhatsApp message notification, the phone immediately sends back a link to a fake Google Play page inviting users to download the malicious app, Stefanko demonstrated.

In Stefanko's example, the malicious app is a fake Huawei app that seems designed to display ads on infected devices and earn money for the app distributors. But it could take other forms — one Twitter user reported seeing a similar scam involving a fake Netflix app.

In the grand scheme of dangerous Android malware, this kind of adware is pretty mild stuff, but you still don't want it to get on your phone. 

"This malware could possibly distribute more dangerous threats since the message text and link to the malicious app are received from the attacker's server," Stefanko told his colleague Amer Owaida in an ESET blog post. "It could simply distribute banking Trojans, ransomware, or spyware."

To avoid infection, make sure your Android phone can install software only from the official Google Play store. 

This varies among phones, but in general you want to go into Settings > Apps > Special Access > Install Unknown Apps, and then make sure none of the apps on your phone are allowed to install apps on their own. 

On older phones running Android 7 Nougat and earlier, it's Settings > Security, then make sure Unknown Sources is toggled off.

You also want to be running one of the best Android antivirus apps, which will catch this malicious app before it installs. 

Update: WhatsApp comment

WhatsApp reached out to Tom's Guide and gave us this statement:

"This is a malicious app that tricks people into downloading it and sending phishing messages through permissions granted by the Android operating system. We are reporting this to the domain provider that the phishing service is using to take action and to protect against this abuse. We strongly encourage people never to install apps from untrusted sources and to never tap unusual or suspicious links. We also encourage people to report messages like this as soon as possible so that we can take action."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.