Updated with comment from WhatsApp.
WhatsApp is being used to spread a malicious Android app, according to a prominent security researcher.
Lukas Stefanko of ESET, following up on a tip from Twitter user @ReBensk, detailed the WhatsApp worm in a YouTube video (embedded below). If an infected phone receives a WhatsApp message notification, the phone immediately sends back a link to a fake Google Play page inviting users to download the malicious app, Stefanko demonstrated.
- iPhone security alert: Update to iOS 14.4 right now
- The best Android antivirus apps to keep your phone clean
- Plus: Leaving WhatsApp? Telegram wants to make it simpler to move over
In Stefanko's example, the malicious app is a fake Huawei app that seems designed to display ads on infected devices and earn money for the app distributors. But it could take other forms — one Twitter user reported seeing a similar scam involving a fake Netflix app.
In the grand scheme of dangerous Android malware, this kind of adware is pretty mild stuff, but you still don't want it to get on your phone.
"This malware could possibly distribute more dangerous threats since the message text and link to the malicious app are received from the attacker's server," Stefanko told his colleague Amer Owaida in an ESET blog post (opens in new tab). "It could simply distribute banking Trojans, ransomware, or spyware."
To avoid infection, make sure your Android phone can install software only from the official Google Play store.
This varies among phones, but in general you want to go into Settings > Apps > Special Access > Install Unknown Apps, and then make sure none of the apps on your phone are allowed to install apps on their own.
On older phones running Android 7 Nougat and earlier, it's Settings > Security, then make sure Unknown Sources is toggled off.
You also want to be running one of the best Android antivirus apps, which will catch this malicious app before it installs.
Update: WhatsApp comment
WhatsApp reached out to Tom's Guide and gave us this statement:
"This is a malicious app that tricks people into downloading it and sending phishing messages through permissions granted by the Android operating system. We are reporting this to the domain provider that the phishing service is using to take action and to protect against this abuse. We strongly encourage people never to install apps from untrusted sources and to never tap unusual or suspicious links. We also encourage people to report messages like this as soon as possible so that we can take action."