In yet another WhatsApp hacking scam, Android mobile users are being targeted by fake messages from scammers. It’s what the messages can do that’s the problem, and WhatsApp users are being warned to be on the lookout. The popular messaging app has had its share of security issues, and this latest version offers an adware message for a free mobile phone with the download of an app. It’s a bogus Huawei app in a fake Google Play Store and it downloads wormable malware onto a mobile device. The worm eventually forwards itself to all user contacts and then likely to all of their contacts as well.

This malware worm relies on adware that automatically replies to any WhatsApp message notification. The messages have a link to the malicious Huawei app that is likely intended to generate bogus advertising revenue for the hackers. The worm delays messages from the infected device to its contacts to avoid looking suspicious. Also, downloading the app from the fake Google App Store removes any security screening the official website does for all of its apps.

This particular WhatsApp hacking scam is one of many using fake apps to generate a hacker’s desired result. There are security measures we can all use that help ferret-out the real apps from the fake and malware-filled impostors.

Don’t Fall for Fakes

• Download apps only from the official Google Play Store or the official app store for your particular device. All apps on these stores are scanned for malware and other suspect issues. Going elsewhere for downloads, called sideloading, is particularly dangerous to do since these app stores do not always do a security check and are notorious for holding malware.

• Don’t click on suspicious pop-ups or links in messages. As official as they may seem, possibly a message from your bank, avoid responding to them from the pop-up or link. Instead, go to the official website to check if they are legitimate requests.

• Use common sense: If you receive a message that sounds too good to be true, it probably is.

• Use two-factor authentication (2FA) whenever offered, especially for financial accounts. This added layer of security can keep bad actors from getting into an account and avoids their malicious intent.

• Keep all software updated. The updates typically include bug fixes for security flaws that can leave you vulnerable to different attacks. The sooner the update is applied, the safer you will be.

A note on worms: Wormable malware doesn’t rely on user action to activate. It spreads from one vulnerable device to another on its own, able to duplicate itself and infect devices without any user interaction. Worms move more quickly through a system and can spread unnoticed. Sometimes, this makes them more dangerous than other types of malware.