WhatsApp Pink malware spreads via group chat messages

Pierluigi Paganini April 21, 2021

A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages.

A WhatsApp malware dubbed WhatsApp Pink has now been updated, authors have implemented the ability to automatically respond to victims’ Signal, Telegram, Viber, and Skype messages.

WhatsApp Pink is a fake app that was first discovered this week, it poses as a “pink” themed version of the legitimate app. The tainted app includes malicious code that allows attackers to fully compromise a device, most of the infections were reported by WhatsApp users in the Indian subcontinent

The security expert Rajshekhar Rajaharia recently discovered that WhatsApp Pink is able to spread via group chat messages that contain APK download links.

The link shared via group messages points to a page where visitors can download the WhatsApp Pink APK (WhatsappPink.apk).

Early this year, the ESET malware researcher Lukas Stefanko discovered an Android malware implementing wormable capabilities, like WhatApp Pink, it was spreading through WhatsApp chat messages.

Below the video shared by Stefanenko showing WhatsApp Pink:

https://www.instagram.com/reel/CN10sNGg2b8/?igshid=ayxxmsjaobv0

“This updated version of the Trojan does not send automatic responses only to messages that arrive from WhatsApp, but also to messages received in other instant messaging applications, which could be the reason for its apparent wider spread,” said Stefanko.

“The Trojan sends these automatic responses to any message that the user receives in applications such as WhatsApp, WhatsApp Business, Signal, Skype, Viber, Telegram.”

Once the app is installed on the device, when the user will click on its icon, the app disappears claiming that it was never even installed.

“The victim will then receive a message, to which they will have to reply in order to unwittingly cause it to propagate further.” reads the post published by ESET.

Experts from ESET speculate the app is under development, it could be a “test version,” and more malicious variants could be developed in the future.

The good news is that Android users that have installed the WhatsApp Pink app can simply remove it from the Settings and the App Manager submenu.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WhatsApp)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment