fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

WhatsApp Pink Malware Can Now Auto-Reply To Your Signal, Telegram Texts

WhatsApp Pink Malware Can Now Auto-Reply To Your Signal, Telegram Texts

WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages.

WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent. 

The app touts itself to be a “pink” themed version of the otherwise-green WhatsApp app, but instead contains a trojan that takes over your Android device, and spreads itself to other users.

WhatsApp Pink spreads via group chat messages

Over the weekend, security researcher Rajshekhar Rajaharia warned WhatsApp users of a new malware circulating via WhatsApp group messages that contain links to scam sites.

These links appear within messages that read like:Apply New Pink Must Try New WhatsApp. http://XXXXXXXX/?whatsapp

But, clicking on the link takes users to a page where they can download the malicious WhatsApp Pink APK.

As seen by BleepingComputer, the links lead to the following webpage. The “download” button directing the user to the app, WhatsappPink.apk.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

whatsapp pink scam site
WhatsApp Pink download sites with link(s) to the APK
Source: BleepingComputer

WhatsApp Pink is in fact a variant of another malware, a fake Huawei app, that researchers had analyzed earlier this year.

“WhatsApp Pink is an updated version of the WhatsApp auto-reply worm we wrote about in January,” said ESET malware researcher, Lukas Stefanko.

“The Trojan’s updated version doesn’t auto-reply just to WhatsApp messages, but also to messages received on other instant messaging apps, which could be the reason for its apparent wider spread,” added the researcher.

New update auto-replies to your Signal, Telegram, Viber texts

This week, a video demonstration posted by ESET researchers show that a new update being pushed to the malicious WhatsApp Pink app is capable of auto-responding to your messages from a variety apps including Signal, Viber, Telegram, and Skype.

Although end-to-end encrypted messaging apps like Signal, WhatsApp and Telegram protect communications and messages in transit, like any end-to-end encrypted system, the data at rest can itself be accessible to the person holding the device, or applications (malware) running on the device.

As such, end-to-end encryption should not be misunderstood as protection against compromise of an end device by malicious apps like WhatsApp Pink.

WhatsApp Pink’s new update auto-replies to any messages received on Signal, Telegram, WhatsApp, WhatsApp Business, Skype, or Viber with links to the WhatsApp Pink download site so as to spread itself to the unsuspecting users who may click on the link, and download the infected APK.

But, as soon as the app is installed and the user clicks on the WhatsApp Pink app icon, the app disappears, and pretends as if the installation never took place, according to ESET’s analysis.

“The victim will then receive a message, to which they will have to reply in order to unwittingly cause it to propagate further.”

“Beyond that, however, the new version – detected by ESET products as Android/Spams.V – doesn’t really do much,” wrote ESET researchers in a blog post.

Stefanko believes that this update could just be a “test” and hint at more malicious variants that are about to come out in the near future.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Users who have downloaded the WhatsApp Pink app can remove it from the Settings and the App Manager submenu, and should ideally scan their Android device with a mobile antivirus solution to ensure the malware removal has succeeded.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us