WhatsApp Pink is Likely an Updated Variant of January’s Trojan Huawei Campaign
Security Researcher Rajshekhar Rajaharia tweeted a warning on April 17th that a new WhatsApp impersonator was infecting android devices through group chats.
Auto-reply function deploys Trojan APK link
WhatsApp has faced multiple security threats last year, including an incident last June when Global Media reported a WhatsApp verification scam which was hijacking target devices.
This January, a worm malware in the form of a fake Huawei app link was deployed as a WhatsApp message with the incentive of the chance of winning a new mobile phone. The malware would then autoreply to any incoming WhatsApp messages with the same link. Once the app was downloaded, the device would be infected and would further propagate through the next device’s WhatsApp messages.
WhatsApp Pink is believed to be an update from the Huawei malware, as it does not only auto-reply to WhatsApp messages, but also to Viber, Signal, Telegram, and Skype messages. They promote themselves as a pink version of the original green-themed app which, when downloaded, is nowhere to be found other than intercepting your correspondences, auto-replying to your incoming messages with a link to the APK download, which contains the malware.
What is an APK?
APK stands for Android Package Kit: a file format used for installing Android applications. This is WhatsApp Pink’s delivery method, infecting android users.
What does WhatsApp’s end-to-end encryption actually protect?
One of WhatsApp’s bestselling features is their end-to-end message encryption. However, this does not entail protection of data at rest, which is data that is housed physically on computer data storage in any digital form. End-to-end encryption protects communications and messages in transit, but not against the compromise of an end device. This is important to note for consumers, who may understand such encryption to mean total protection and trust links coming through the messaging app that would otherwise raise eyebrows.
What does this show us about future threats?
As far as experts have seen so far, the main function of this worm has been mass propagation, but this does not mean that there is no need for alarm. On the contrary, many believe that this was a test campaign, preparing for a much more lucrative and harmful payload in the future using similar mechanisms in different guises.
Once your device is infected with the malware, there is not much you can do to stop the mechanism, but if you have been the victim of the WhatsApp Pink campaign, you can remove it from the App Manager submenu within Settings. To be sure that there are no traces left, it is highly advised to scan your device with a mobile antivirus solution.
As we advised in October, if your phone or tablet starts acting strangely after a download, remove it immediately. You may need the help of antivirus software to remove a malicious app. Read our guide and the signs your phone is hacked.