Hacker News
New Wormable Android Malware Spreads by Creating Auto-Replies in WhatsApp (checkpoint.com)
61 points by giuliomagnifico 4 days ago | 17 comments

I don't understand the title...

So the malware is installed by the user, which then spams the user's contacts to install it too? And to do this you need to: 1 install shady app, 2 ignore security warnings and 3 manually give it special access to access user communication?

Yes, users can be very stupid but I wouldn't call this "wormable".

(Although we could all agree that Google's evaluation process is basically whack-a-mole).

That's Checkpoint for you stretching the truth on every single one of their publications.

This sounds like the ‘this virus evades detection by hiding in a jpeg, until you manually extract it using this tool!’ stories we got 10 years ago.

I think there were cases where that was used to bypass some naive upload filters in conjunction with a back end that would detect and try to handle the attached/hidden malware.

A lot of users sideload apps all the time. Motivations vary, but e.g. Google doesn't let all Android users access Play Store.

For these users I think it's pretty easy to fall for this. After all apps request overbroad permissions all the time and most users don't have the expertise to evaluate permissions nor the reputability of the publisher.

Add a #4, which should be #1 in your list: people trying to pirate Netflix (The app is a fake service that claims to allow users to view Netflix content from all around the world on their mobiles).

Looks like it wasn't very successful considering only 500 people installed it...

The message it sent was very poor IMO. A better strategy would be:

Reply with "Here's that Netflix-anywhere app I mentioned a while back. https://bit.ly/whatever"

If there is a follow-up message from the same contact, reply with "Oh sorry, meant for someone else, but you can use it if you like too! Grab it now, I'm about to delete the link".

Then if there is a third or any further replies, simply mark them read and block them from appearing to the user for 24 hours.

Don't give em ideas!

Seriously though, I wonder if the reason is that the creators speak English as a second language.

It's been a long time since I have had a look at Android permissions; is there any legitimate use case for the "BIND_NOTIFICATION_LISTENER_SERVICE" permission used in the app? It also feels very wrong that a non-system app would be able to interact with the inline reply field of the notification; is this ability tied to the permission itself?

In any case, this obviously targets the less savvy users and it would probably be better labelled as "phishing" rather than "wormable".

It's used to send notifications to things like smart watches, or to other computers via apps like KDE Connect (which I think also allows people to interact with the notifications).

It's also a minimum of 3 user taps to enable this permission. It isn't like the regular camera or contacts permissions requests.

I don't think the number of taps changes anything for the target user of this app; the "free netflix" promise would have my mom calling me to help her follow the screenshot instructions and scam herself.

Wouldn't she also get a virus on a computer if she was convincing herself of such things? At some point there's an onus on the user to take some security precautions unless we want all our devices to be locked down consumption only toys.

You can define a security policy for these messages.

Maybe WhatsApp devs ignored that.

> Researchers found the malware hidden within an app on Google Play called 'FlixOnline.' The app is a fake service that claims to allow users to view Netflix content from all around the world on their mobiles

Whatever happened to that saying...

'If it sounds too good to be true, it probably is.'

It's especially applicable to any software promising to do anything slightly sketchy.

Free apps with overblown claims are the snake oil of the internet. For every 1000 you find claiming to do this, that or whatever amazing thing, one may actually be real, 99 are probably useless and the other 900 are probably malicious.

I dunno, I try to think of installing software as letting someone come live in my house who may bring all their buddies with them. The more permissions an app wants, the more of my stuff that person's going to touch and fuck around with while living in my house. There's also a good chance they'll let their buddies touch my stuff.

So you gotta think a bit about whether you want someone else in the house, you've probably got a little party going on already, and everyone's already messing with your stuff dammit.

Technically speaking, it isn't a worm as it requires the end user to install.

I'm kind of surprised there hasn't been a serious doomsday-scale worm attack in the last decade or so given the complexity of modern software and the surface area this presents.
