Android malware worm auto-spreads via WhatsApp messages

Fraudulent mobile applications are on the rise. One recent example was hidden in a fake application on the Play marketplace and is capable of spreading itself via WhatsApp instant messages. If the victim grants the required permissions, the malware automatically retrieves a crafted payload from its C2 servers and disseminates it through WhatsApp messages.

This article covers how this kind of malware works, the techniques used by malicious actors and how to prevent it.

WhatsApp malware worm overview

In general, mobile devices are not as secure as computers. The standard security protections used for workstations and servers are not in place for most mobile devices, so mobile devices may not be protected by firewalls or endpoint detection and response.

However, these devices are often connected to services, business emails and other applications that put companies at risk.

Within this context, the Check Point team discovered malware on the Google Play marketplace with the capability of spreading itself by using the victim's WhatsApp messages. When submitted to the official marketplace, the malicious application was not flagged as malware and may have been downloaded and installed by approximately 500 users.

Figure 1: Malicious application available on
