Android malware (.apk) can be spread through a fake PDF document by manipulating the file extension in the WhatsApp application. PoC is available in this repo
wp.test.mp4
Step 1: First, create a free account at https://user.ultramsg.com/signup.php. We will use this to manage the API
Step 3: Fill in the appropriate fields in wp.py with the generated API information and log in to your WhatsApp application using the QR code found under the instance information.
Step 4: Enter the target number in the "enter number" field and upload your file to the server (this can be an ngrok or python server. If you are testing locally, you can use XAMPP).
python wp.pyThis software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the software or the use or other dealings in the software.