Hi Guys,

We have just been made aware of a new form of wormable malware currently spreading through WhatsApp. Once infected, the malware spreads via the victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to a malicious Huawei Mobile app.

Here is an example of how it works:

  1. You send a message to a friend on WhatsApp
  2. You get a response from them with a link to a bogus Huawei Mobile app.
  3. When you click on the link, you are taken to a lookalike Google Play Store website.
  4. When you install the fake app, you are installing malware.
  5. Once infected, the malware will be able to do the following:
  • Read your notifications
  • Run in the background (making it hard to detect)
  • Draw over other apps (used to steal your login credentials and additional sensitive information.
  • Spread itself to your contacts by automatically replying to any messages you receive with a malicious page link. Because this is wormable malware it can spread very fast, like a wildfire.

How to protect yourself

We are in the process of adding this to our scanner, but in the meantime:

  1. Do not click on any links to a Huawei Mobile app unless you are 10000000% certain that your contact sent it to you.
  2. Only install apps from an official app store such as the Google Play Store.
  3. Do not install any app from a link sent to you unless you are sure it is a legitimate link. Call the person who sent it and ask them to confirm that they sent it.

I will keep you posted. Please share this info with any other android users you know.

Thanks and talk soon.

Max Roberts,
Incognito Privacy Care Team