A new WhatsApp scam promises a pink makeover for the app on Android, but don't be tempted to download it: It's actually malware that can steal your data.
Internet security researcher Rajshekhar Rajaharia flagged up the scam on Twitter, warning users not to be taken in by its promise to change WhatsApp's green theme to pink. What's more, the scam presents itself as an official update, so if you see the APK download link that's being spread in WhatsApp groups, do not click on it.
Rajaharia warns that hitting the link could give hackers access to your device, and that the malware then spreads to your contacts via messages. He adds that the malware -- technically a Trojan, or malware posing as benign software so the user is tricked into installing it -- seems to be confined to Android devices, so iOS WhatsApp users don't need to worry.
Beware of @WhatsApp Pink!! A Virus is being spread in #WhatsApp groups with an APK download link. Don't click any link with the name of WhatsApp Pink. Complete access to your phone will be lost. Share with All.. #InfoSec #Virus @IndianCERT @internetfreedom @jackerhack @sanjg2k1 pic.twitter.com/KbbtK536F2 (April 17, 2021)
Of course, if you've already been had, it's not the end of the world. It's time for damage control, and Rajaharia outlines the next steps you need to take.
First, uninstall WhatsApp Pink. Next, unlink all WhatsApp Web devices, then head into your settings and clear your browser cache. After that, check permissions for all of your apps. If you spot anything suspect here, you can revoke permissions as you see fit.
To avoid scams like this in the future, it's best not to install any APKs or apps that aren't the official versions from your platform's official app store.
Make sure that no apps or processes other than the official Google Play Store app can install software on your Android device. Go into Settings > Apps & Notifications > Special App Access > Install Unknown Apps and check to make sure that "Not Allowed" is under all the apps listed.
Jiten Jain, director of cybersecurity firm Voyager Infosec, told Outlook India:
"Such malicious apps can be used to compromise your phone and steal personal data like photos, SMS, contacts etc. Keyboard based malwares can be used to track everything you type. It can be used to capture and steal banking passwords. The current case of Pink WhatsApp or WhatsApp Gold is also a case of malware impersonating as fake WhatsApp feature apps."
A WhatsApp spokesperson told the outlet: "Anyone can get an unusual, uncharacteristic or suspicious message on any service, including email, and anytime that happens we strongly encourage everyone to use caution before responding or engaging. On WhatsApp in particular, we also recommend that people use the tools that we provide within the app to send us a report, report a contact or block contact."