How WhatsApp got used for a malware scam

Everybody's favorite instant messenger service, WhatsApp, inadvertently became an accomplice to a malware scam recently when code written into some dubious apps used the WhatsApp service to scrape user phone numbers and register them for a premium text messaging service. The apps involved have been removed from the Play Store, but it's still worth checking to see if you have any of them installed.

Even WhatsApp can get caught up in a malware attack. / © WhatsApp, Google, AndroidPIT

The malware apps, identified by security researchers at Panda Security, included the following four free apps:

© Clark Beggage/CanarApp

The scam worked in a particularly ingenious way. When a user opened one of the apps, they were prompted to access another part of the app. In the example given by Panda, a diet app prompted the user to access a particular diet, but the 'Accept' button popped up on top of the previous screen, where a block of fine print, so small no normal person could actually read it, had almost imperceptibly appeared. By accessing the diet, you also agreed to all those terms and conditions, which included signing you up for a premium texting service.

Notice the incredibly fine fine print in the bottom of the screenshot (right)? / © Clark Beggage/Panda Security
Sure! Sign me up for a premium texting service, I've obviously seen and read these microscopic terms and conditions. / © Clark Beggage/Panda Security

WhatsApp enters the fray at the point where the phone number is required. Normally, an app will pull the user's phone number from their SIM card, but for various security reasons many carriers no longer store the user's phone number there. To get around this, the malware apps involved in this scam simply piggybacked on WhatsApp, because the instant messenger app uses your phone number as an account identifier. Once the dodgy apps have your number, they register it for a premium SMS service and then delete all evidence it ever existed. Sneaky stuff indeed. Here's how Panda Security described the process:

Without the user's knowledge the app will get the phone number of the device, will go to a website and will register it to a premium SMS service. This service requires a confirmation to be activated, which means it sends an SMS to that number with a PIN code, which has to be entered back to end the process and start charging you money. This app waits for that specific message, once it arrives it intercepts its arrival, parses it, takes the PIN number and confirms your interest in the service. Then it removes it, no notification is shown in the terminal and the SMS is not shown anywhere. Again, all this is done without the user's knowledge.
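For anyone vetting apps before they reach a device, the behaviour Panda describes leaves traces in an app's manifest. The sketch below is an added example, not code from Panda Security or from the apps in question: it audits a decoded AndroidManifest.xml for SMS access combined with network access and a prioritised SMS receiver. The sample manifest, package name and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the Android XML namespace.
A = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

# Constructed sample: decoded manifest of a hypothetical "diet" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dietapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".PinReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return findings for SMS-interception traits in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = []
    if perms & SMS_PERMS:
        findings.append("sms-access")
        # SMS access plus network access lets message contents leave the phone.
        if "android.permission.INTERNET" in perms:
            findings.append("sms-plus-network")
    for recv in root.iter("receiver"):
        for filt in recv.iter("intent-filter"):
            actions = {a.get(A + "name") for a in filt.iter("action")}
            if SMS_ACTION not in actions:
                continue
            try:
                priority = int(filt.get(A + "priority", "0"))
            except ValueError:
                priority = 0  # non-numeric priority: treat as default
            # Before Android 4.4 a higher-priority receiver saw the SMS first
            # and could abort the broadcast, hiding it from the messaging app.
            if priority > 0:
                findings.append("high-priority-sms-receiver:" + recv.get(A + "name"))
    return findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A free diet or recipe app that returns all three findings has no obvious reason to need them, which is the cue to look closer before installing.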

Have you been scammed by an app in Google Play? Did you install any of these apps?

Source: Panda Security
