Updated comments from WhatsApp.

According to a prominent security researcher, WhatsApp is being used to spread malicious Android apps.

Following a tip from Twitter user @ReBensk, ESET's Lukas Stefanko details the WhatsApp worm in a YouTube video (embedded below). Stefanko demonstrates that when an infected phone receives a WhatsApp message notification, it immediately sends a link to a fake Google Play page, prompting the user to download the malicious app.

In Stefanko's example, the malicious app is a fake Huawei app, which appears to be designed to display ads on infected devices and make money for app vendors. One Twitter user reported witnessing a similar scam using a fake Netflix app.

In the grand scheme of dangerous Android malware, this type of adware is fairly lightweight, but still not something you want on your phone. [This malware can deliver a more dangerous threat because the message text and links to malicious apps are received from the attacker's server. It could simply be distributing banking Trojans, ransomware, or spyware."

To avoid infection, make sure your Android phone can only install software from the official Google Play store.

This varies from model to model, but in general, go to Settings > Apps > Special Access > Install Unknown Apps to prevent any app on the phone from installing apps on its own.

For older phones before Android 7 Nougat, make sure Settings>Security>Unknown Sources is turned off.

We also recommend using the best Android antivirus apps that will catch this malicious app before it is installed.

WhatsApp contacted Tom's Guide and released the following statement:

"This is a malicious app that tricks people into downloading it with permissions granted by the Android operating system and sends phishing messages Phishing messages are sent. We are reporting this to the domain providers used by the phishing service and asking them to take action and protect against such exploits. We urge people not to install apps from untrusted sources or tap on unusual or suspicious links. We also urge people to report such messages as soon as possible so that action can be taken."