WhatsApp is a free application for sending text and voice messaging and making audio and video calls over the internet. It’s owned by Facebook, works on Android and iOS devices, and has more than one and a half billion users and half a billion daily users, being one of the most popular messaging applications in the world.
Unfortunately, its popularity makes WhatsApp an attractive target for online criminals.
Whatsapp Virus quicklinks
- What is WhatsApp virus and how to avoid it
- Examples of scams, hoaxes, and malware spread on WhatsApp
- WhatsApp Gold, WhatsApp Plus, and Martinelli
- Fake update
- WhatsApp replacer
- Fake WhatsApp apps
- Attached file malware
- Pegasus spyware
- Olivia hoax
- Phone verification phishing scam
- WhatsApp giveaway scam
- Manipulation of messages
- “Missed voicemail” email
- “WhatsApp will delete your account” hoax
- How to remove WhatsApp virus
- Phishing scam
- Malicious app
- Automatic Malware removal tools
Just like Instagram and Facebook, WhatsApp is safe to use, but it’s important to remain vigilant and understand that malicious actors also use this app as a platform to spread malware. WhatsApp virus, then, is the term for scams, viruses, and hoaxes spread on WhatsApp by criminals, fraudsters, and scammers.
What is WhatsApp virus and how to avoid it
The various viruses vary between spyware and adware apps, scams that sign you up for bogus subscriptions, links that download malware, and hoaxes that share false information between WhatsApp users. They should all be taken seriously. Hoaxes that lead to fake giveaways and warnings actually trick some people to pay real money for a fake product. Phishing scams can do the same by allowing criminals to hijack an account that has a credit card saved. Other malware does not do something so destructive but does make your phone-using experience miserable by displaying endless and excessive ads on your phone.
The reasons for WhatsApp viruses and varied. Vulnerabilities in WhatsApp’s code that allow a malicious actor to install a trojan, change and spoof messages, hijack the device, and extract private data are constantly patched, but new ones are discovered and incorporated into new malware. It’s a constant battle between the developers of malware and WhatsApp. But no bugfixes will stop hoaxes from being shared – especially when they’re well crafted and believable.
WhatsApp threats and solutions memo:
|Symptoms of a WhatsApp virus||Hacked WhatsApp account.
Hacked other online accounts.
Slow, laggy phone.
Unauthorized charges form your credit card.
Excessive advertisements on your screen.
|Types of threats||Scams.
|Be suspicious of||Warning messages that ask you to forward them.
Giveaway messages that ask you to forward them.
Shortened links in messages.
Multiple WhatsApp apps on your phone.
|Precaution and solutions||Use 2-step verification.
Be suspicious of strange messages.
Uninstall malicious apps.
Be suspicious of giveaways and warnings on WhatsApp.
Antivirus tools don’t protect from all threats online, which is why it’s good to always be skeptical of what you see on WhatsApp. Avoid scams and malware by being patient and careful:
- When you get a message with a link or file attachment, think before clicking on it. Be especially careful if the link is shortened. Before opening the link or file, ask the sender about it and wait for a reply to make sure that their account isn’t hacked and the message isn’t spoofed.
- If you’re at all suspicious of a message that you got, look it up online. If a hoax or scam has been going on for a while, someone else might know about it. Ask around, too – some people are familiar with scams and can tell one right away.
- If you were linked to a login page by a suspicious message, try interacting with it. Phishing sites often have nonfunctional elements that only look real, such as buttons that don’t do anything.
- If you’re suspicious of a link, scan it before clicking on it. There are services online which allow you to scan links and see if anyone has labeled them as malicious, suspicious, or misleading.
- Update your software. Security vulnerabilities allow criminals to abuse your software and the developers of WhatsApp release fixes as soon as they can, but you must allow them to be installed to take advantage of them.
- Create a backup of your data, such as photos and WhatsApp messages (since those are stored locally on your phone). Some viruses don’t have a solution and require a factory reset – in case that happens, it’s important to have a backup of your data.
Examples of scams, hoaxes, and malware spread on WhatsApp
WhatsApp Gold, WhatsApp Plus, and Martinelli
Starting in 2016, a rumor was circulated about “WhatsApp Gold”, a limited-edition exclusive and premium version of WhatsApp that’s primarily used by celebrities and comes with some extremely attractive features. Now, in 2019, the scam is still active and can be encountered as “WhatsApp Plus”.
Supposedly, you only need to follow a provided link to get access to this exclusive version of WhatsApp. The link changes every time the scam is revived but usually incorporates the words “gold version” and clicking on it would redirect visitors to various malicious websites. Those encourage the visitors to download “WhatsApp Gold” – in reality, deceptively named malware.
A message circulated recently warns people about WhatsApp Gold and mentions a “martinelli” video that’s supposed to infect your phone. However, this martinelli warning seems to be a hoax.
Some advertisements online are designed to look like WhatsApp update warnings. These ads claim that, if you fail to click the “Install Update” button, “your contacts, messages, and media may be lost”. There is a timer counting down to this supposed deadline.
This fake WhatsApp update is a simple webpage. Clicking the “Update Now” button opens the installation page for another app, one unrelated to WhatsApp. It could be a fleeceware app (an expensive subscription-based app that does nothing useful), or even a malicious app.
Some malicious mobile apps that don’t look like anything special, when installed, could replace the official WhatsApp app with adware.
Known as Agent Smith, this malware had been uploaded on the Google Play Store. It was a collection of shallow and minimal apps with barely any features. Downloading and installing one of these apps would install in the background a modded version of WhatsApp, as well as malware which was disguised as an official-looking Google-related app.
WhatsApp wasn’t the only target in this campaign – this malware had a list of apps that it was ready to replace. If it found a fit target on your system, it would replace it with a modded malicious version of it. The modded apps were turned into adware, constantly spamming you with full-screen ads.
While it was used to make money to the distributors by showing users advertisements, Agent Smith could have been used for much more harmful activities, such as spying on people and stealing their credentials. Luckily, once it was found out, Google removed the deceptive applications from its store.
Fake WhatsApp apps
WhatsApp warns people to not accidentally install fake, unofficial, or modded versions of its official applications. The fake apps endanger people’s privacy and can cause them to download malware and see malicious websites. However, most fake apps don’t go so far, content to just serve as adware, profiting from showing people endless ads.
For example, a malicious app called “Update WhatsApp Messenger” was installed by more than a million users from the Google Play Store. It only served ads but it could have been so much worse. After the deception was found out, Google removed it from the Play Store.
Attached file malware
Just like malicious spam emails, WhatsApp messages spread malware via the attached doc and PDF files. Files work a lot like malicious links, capable of automatically downloading malware and acting as spyware – watching your messages, other data, forwarding it to a server. Ransomware often uses infected attachments to spread, and this type of virus certainly can affect phones.
WhatsApp being infected with spyware with just a single call to your phone sounds and is extreme. But a spyware product called Pegasus was being spread this way. Pegasus could read text messages, hijack your phone’s microphone, camera, and read your passwords. Pegasus is so notorious that scammers have used its name to scare people in fake security alerts.
Facebook has released an update to fix the vulnerabilities that Pegasus abused to install via WhatsApp calls.
“Olivia” was a character that showed up in people’s WhatsApp messages unexpectedly. To gain the trust of the recipient, she insisted on being an acquaintance. Olivia seems to be a bot that’s created to spread links to various porn sites. This WhatsApp spam seems to have been targeted at children. Olivia sent them shortened links to adult sites after promising a photo of her together with the recipient. Since Olivia used shortened links, their destination was impossible to predict, so those who clicked had no way to know the destination.
Phone verification phishing scam
Scammers sometimes spread messages impersonating WhatsApp support and asking people to verify their phone numbers by clicking a link. The link leads to a phishing site that also pretends to be by WhatsApp and records the username, passwords, and other data that you type in. That information is then sent to the criminals who can use it to hack your WhatsApp and other accounts.
A similar scam with messages about you having requested your phone number to be transferred to another account has also been spread. That one wanted you to call a provided phone number, similarly to tech support scammers.
WhatsApp giveaway scam
Some WhatsApp users from select countries targeted by scammers were promised a free pair of sports shoes, jerseys, and other products. The products do depend on the user’s location.
A small list of products that scammers offer in malicious WhatsApp messages:
- Adidas shoes
- Nike jerseys
- Sports shirts
- 1000GB of free internet
- $500 McDonald’s voucher
- Free Tesco gift cards
- Free year of Netflix
- $300 Burger King voucher
The messages include a link to a website which tells people to share the message with their friends before they can receive the prize, in an effort to spread the scam to more people.
This scam is one that costs real money, asking you to pay $1 for the “free” items. If you actually pay, you’re subscribed to a service that charges you $50 each month. This is all in the fine print and very easy to miss when the fake giveaway is constantly distracting you with fake counters and timers. This scam doubles as phishing as the malicious sites can capture your information and use it later for hijacking your account.
Manipulation of messages
If you ever noticed messages mysteriously changing, know that a vulnerability was found by Check Point researchers that allowed a malicious actor to manipulate and spoof WhatsApp messages in group chats. This bug would have allowed people to get around the end-to-end encryption that WhatsApp uses to protect the privacy of your messages.
“Missed voicemail” email
For years now, an email that baits people into visiting malicious websites has been spread, posing as a WhatsApp update about a missed voicemail. Its text says “Incoming voicemail”, “New voicemessage”, or something similar. A button offering to play the message is placed in the email. Clicking on the button does not play any missed message. It’s quite a bit more dangerous: it can start the automatic download of a trojan. Other recipients of this message have a promoted website opened instead. Either way, the fake WhatsApp email is dangerous.
“WhatsApp will delete your account” hoax
Some people spread messages which threaten that those who don’t forward the message to as many of their contacts as possible will have their account shut down, will be charged a payment, will have their contacts removed, etc.
If you do not forward this message, we will take it as your account is invalid and it will be deleted within the next 48 hours.
Whatsapp will cost 0.01€ per message. Send this message to 10 people.
Forward this message to more than 10 people to activate your new whatsapp with facebook services or else your account will be deleted from new servers.
These hoaxes spread quickly and wide and some of them included a link to a fake login page for Facebook, trying to steal Facebook login credentials. Some people genuinely believe these messages and spread them without intending any harm.
How to remove WhatsApp virus
In general, strong antivirus programs like Spyhunter (Windows), Combo-Cleaner (Mac), and other tools can recognize malware and stop it. But mobile and online platforms don’t have such robust protection yet, so they’re seen as fertile ground by malware developers. So, for now, users of WhatsApp and other mobile applications should employ vigilance and be aware that the mobile platform is no safer than our desktops.
But if you were unable to dodge all the spam and false messages, don’t panic, it’s absolutely fixable. You will need to evaluate and undo the damage that the scams did to know what to do about it.
If your data was revealed to criminals by you accidentally filling out a fake form, revealing your credit card details, or installing a spyware app, your private data is in danger. Act quickly and remove the spyware.
After your device is clean, change your passwords to something complex. Make sure that 2-step verification is active.
Monitor your credit card for unauthorized payments. If something suspicious is happening to your bank account, call your bank.
If your WhatsApp account has been hacked, contact WhatsApp support and tell them honestly what happened.
If you downloaded and installed a malicious app, or even just a potentially unwanted app, you should remove it right away. If you signed up for a subscription on one of these apps, you should cancel it immediately.
Some of the WhatsApp impersonators are difficult to uninstall – they hide by changing their name to look like an official and trusted app, or removing their icon and name completely. If you’re not sure which app it is, just review each one. If you find the same app twice, one of them is definitely a fake.
If the app refuses to be removed, you can try booting your phone in Safe Mode to stop malicious processes from running. You can also make use of mobile antivirus products. A factory reset could also help but remember to create a backup of your files before performing it.
If you shared a message and found out that it was a hoax, get in touch with those you sent it to and let them know. Let those who shared it with you know, too. It’s good to spread awareness about false messages and stop phishing scams from affecting more innocent people.
Automatic Malware removal tools