  • Admin

WhatsApp Worm Spreads To Other Apps, Malware Hides in .BMP Images

Published: June 7, 2021 on our newsletter Security Fraud News & Alerts Newsletter.

With a WhatsApp malware worm wiggling its way into Signal, Telegram, and Skype, and malware now being delivered in .bmp image files, it’s a cyber jungle out there. It’s a sort of “survival of the fittest,” and those in the know can help keep themselves from becoming a casualty of these cybercrimes.

Beware .BMP Image Files

A Malwarebytes investigation found .bmp files are the latest addition to the list of file types known to carry malware. Attachments such as .doc, .jpg, .exe, and .zip are the usual culprits. According to the report, .bmp files can now be added to that list and should be approached with caution before opening.

Bitmap image files (.bmp) store digital images that are easily opened on multiple platforms, such as Mac and Microsoft Windows. Almost any device can open a .bmp image attachment, and now .bmp attachments can carry malware. Remember to approach all email attachments with a dose of skepticism and always look for email phishing red flags before opening any attached file.

What’s Up with WhatsApp’s Worm?

ESET malware researchers discovered a new worm that started in WhatsApp and is now wiggling its way into other apps including Skype, Telegram, and Signal. Although both worms and viruses carry malware, there’s a simple but significant difference between them. A virus needs a trigger, an action by the target, to spread through a system. Think: clicking on a malware-filled phishing email attachment, which from there infects entire systems. Worms, on the other hand, are stand-alone malicious programs that need no interaction to duplicate and spread themselves once they breach a system.

A Worm and a Free Smartphone

The ESET research found fake WhatsApp messages offering a free smartphone for downloading an app from the Google Play store. Unknown to the user, the app is bogus and carries the worm, and the Google Play store is fake. And as you might guess, the free smartphone never arrives. ESET finds this offer has been traveling for months via WhatsApp Messenger to the other apps: Skype, Telegram, and Signal.

If the link in the WhatsApp message is clicked, the person is taken to a convincing clone of the Google Play store, where they are asked to download a fake Huawei app. Of course, it's malicious.

According to ESET, “The malware spreads through the victim’s WhatsApp and routinely responds to each incoming message with a URL to a rogue and malicious Huawei mobile application. When mounted, it asks for a selection of permissions, which include access to notifications.” ESET finds bad actors are currently using the worm for subscription fraud and adware. They warn the worm can also be used to spread ransomware, spyware, banking trojans, and more. Users should remember that “free” isn’t always a good thing, and in this case, especially if it’s a free smartphone.
