A pink version of Whatsapp is circulating, but it is not a popular chat-themed initiative, but a real scam. It was identified by security researcher Rajshekhar Rajaharia who denounced it on Twitter: in practice it is a malicious Android app that uses the name of the Facebook ecosystem application to sneak into users’ devices and steal sensitive data. In a video, the researcher showed how it works.
Beware of @WhatsApp Pink!! A Virus is being spread in #WhatsApp groups with an APK download link. Don’t click any link with the name of WhatsApp Pink. Complete access to your phone will be lost. Share with All..#InfoSec #Virus @IndianCERT @internetfreedom @jackerhack @sanjg2k1 pic.twitter.com/KbbtK536F2
– Rajshekhar Rajaharia (@rajaharia) April 17, 2021
Affected users receive a link inviting them to download a phantom version of WhatsApp that promises to change the color of the interface, from green to pink. But once installed, the app disappears from the main screen of the device and remains active in the background stealing the personal data of the victims, taking control of the address book, or sending messages to contacts and asking them to download the application. Researcher Rajaharia also provides some helpful tips for securing devices that are victims of this malware. Such as the immediate uninstallation of pink WhatsApp, the closing of all active sessions directly from the WhatsApp Web / Desktop section accessible from the official app settings and the cleaning of the browser memory. In addition, of course, to be wary of suspicious messages that urge you to click on links or invite you to install unlikely applications.