Currently, WhatsApp is the most used instant messaging application in much of the world. So much so that on many occasions we put aside traditional calls and contact people directly by sending messages or audios through the app. Its great prominence also makes it vulnerable to threats from those who want to take advantage of its success to try to distribute all kinds of viruses or scams through it to get hold of your personal data. For this reason, we have to be very careful with everything we receive, and even with the unofficial WhatsApp applications that we have installed, because they can also contain some type of malware.
In January of this year, malware analysts at Doctor Web tracked the spread of a new Android Trojan known as Android.Spy.4498. Those responsible for this Trojan have included it in some versions of unofficial modifications (mods) of WhatsApp , to later distribute them through malicious websites.
What is Android.Spy.4498 capable of
It is a Trojan application for Android devices. Its main functionality is to steal the content of notifications from other apps. According to analysts, “it also downloads and prompts users to install other applications and may display various dialog boxes.”
It has been detected in some of the unofficial applications (mods) of WhatsApp, so if you have any of the following installed on your Android mobile, it would be better to delete them as soon as possible.
- GBWhatsApp
- OBWhatsApp
- whatsapp plus
This Trojan is also capable of downloading apps and offering users to install them in order to display dialog boxes with the content it receives from attackers. During the attack, Android.Spy.4498 requests access to manage notifications and read their content . Specifically, this version is aimed at notifications in the following applications: com.sec.android.app.samsungapps (in the Samsung Galaxy Store) and com.android.vending (in the Google Play Store).
Statistics collected by Doctor Web on Android
As if that were not enough, it is also capable of “remotely registering the content of the notifications of the applications that are on a set list”. It does this through various statistics services like Flurry. “When the host app is used, the Trojan covertly downloads an apk file, using a URL received from malicious actors.” It then asks the victim to install it as if it were a new version of the app for which it does not display the usual dialog box.
Finally, another of its features is to show random dialog boxes . When the user clicks on the “accept” button, it is when a specific website is loaded in the browser. As the Doctor web researchers have detected, “the requests to access notifications, the functionality to display dialog boxes with personalized content, as well as the apk file download routine, are executed from the com.whatsapp activity. HomeActivity modified from the original WhatsApp application”. The most recommended thing in these cases is that you immediately delete the aforementioned apps and download an antivirus app to make sure that your Android smartphone has not been attacked by this threat.
