How does this WhatsApp Malware work?

[LazyLion]

So my daughter got this WhatsApp from a friend... whose phone is obviously infected with some kind of malware.
When you open this link it takes you to a Google Photos Album with a "JOIN" link to join the album.
But the google photos album is blank. The album is in the name of the person who sent the WhatsApp.
But it could obviously be a cloned Google Photos Album if that person is infected with some kind of malware.

There was no password login and there was no app download.... that we could see.
We turned off my daughter's Internet Connection and are scanning here phone now as well.
But Googling this thing turns up Zero Results.
Does anybody have any idea what is going on here?

 

[LazyLion]

Oh I checked that the album is in fact being hosted on the real Google Photos site, and yes... it is on the real Google Photos Site.
So if it is an exploit, it is being run on the real Google Photos site.

 

[Solarion]

Yeah spammers, blackmailers, scammers and exploit scripts are smashing the www from Google accounts and also the Microsoft suite apps such as One Drive and O365 trial accounts.

 

[itareanlnotani]

Buffer overflow exploit probably, in order to drop an executable locally. probably targeted at android phones i'd guess.

 

[Scary_Turtle]

Oh I checked that the album is in fact being hosted on the real Google Photos site, and yes... it is on the real Google Photos Site.
So if it is an exploit, it is being run on the real Google Photos site.

Pretty easy to upload a picture with malware in it to Google photos, but they are good at blocking content that is reported.

The problem is malware is normally targeted at a specific picture app that would run the code so this is strange attack vector.

Would love to see what it is sending, receiving and reverse engineer it.