WhatsApp voice message phishing emails push info-stealing malware

By Lois V. Aguirre

Apr 5, 2022

A new WhatsApp phishing campaign impersonating WhatsApp’s voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses.

This phishing campaign aims to lead the recipient through a series of steps that ultimately end with the installation of information-stealing malware, opening the way to credential theft.

Information-stealing malware is aggressively distributed today via various means, with phishing remaining a primary channel for threat actors.

The information stolen by these special-purpose malware tools is predominantly account credentials stored in browsers and applications, but the tools also target cryptocurrency wallets, SSH keys, and even files stored on the computer.

WhatsApp voice messages as a lure

The new WhatsApp voice message phishing campaign was discovered by researchers at Armorblox, who are constantly on the lookout for new phishing threats.

For years, WhatsApp has had the ability to send voice messages to users in groups and private chats, with the feature receiving new enhancements last week.

A timely phishing attack pretends to be a notification from WhatsApp stating that the recipient has received a new private message. This email features an embedded “Play” button along with audio clip duration and creation time details.

The sender, masquerading as a “Whatsapp Notifier” service, is using an email address belonging to the Center for Road Safety of the Moscow Region.

The phishing email impersonating WhatsApp (Armorblox)

Because the sending domain belongs to a genuine and legitimate entity, the messages aren’t flagged or blocked by email security solutions, which is typically the biggest problem for phishing actors.

Armorblox believes the hackers somehow exploited the domain for their own purposes, so the organization plays a role without its knowledge.

If the recipient clicks on the “Play” button in the message body, they are redirected to a website that serves an allow/block prompt for installing a JS/Kryptic trojan.

To trick the victim into clicking on “Allow,” the threat actors display a web page stating that you need to click ‘Allow’ to confirm you are not a robot. However, clicking these allow buttons will subscribe the user to browser notifications that send in-browser advertisements for scams, adult sites, and malware.

The website that installs the malware (Armorblox)

This simple trick can be very effective with people who are not paying close attention or do not think twice about their actions online.

Once the “Allow” option is pressed, the browser will prompt the user to install the payload, which in this case is information-stealing malware.

How to protect yourself

The fact that the emails in this campaign bypassed numerous secure email solutions makes it a particularly nasty case, but the clues that it was phishing were still abundant.

First, the email address has nothing to do with WhatsApp, and the same goes for the landing URL that requests the victims to click “Allow” to confirm they’re real. They are both obviously out of WhatsApp’s domain space.

Secondly, voice messages received on WhatsApp are downloaded automatically in the client app, so the IM company would never inform you about receiving one via email.

Thirdly, the phishing email features no WhatsApp logo, which is almost certainly to avoid having trouble with the VMC checks introduced by Gmail last year.

To protect yourself from phishing attempts, always take your time to look into potential signs of fraud when receiving messages that make surprising claims, and never jump into action.

If you need to check something, do it yourself through the official website or application, and never by following URLs or instructions provided in the message.
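The first clue above (a message that presents itself as WhatsApp while its sender address and links sit outside WhatsApp's domain space) can be checked mechanically. The following is an added example, not code from Armorblox or the original article; the brand allow-list, the finding names and the sample message with its `.example` domains are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "whatsapp"
BRAND_DOMAINS = {"whatsapp.com"}  # assumed allow-list for this check

# Constructed sample; the .example domains are placeholders, not campaign indicators.
SAMPLE = """\
From: "Whatsapp Notifier" <notify@road-safety.example>
Subject: New voice message
Content-Type: text/html; charset="utf-8"

<html><body><p>You received a new private message.</p>
<a href="https://landing.example/verify">Play</a>
<a href="https://www.whatsapp.com/legal">Terms</a></body></html>
"""

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def in_brand_space(host):
    # Exact match or true subdomain; "evilwhatsapp.com" must not pass.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def check_message(raw):
    """Return (finding, host) pairs for a message that claims the brand."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    if BRAND not in display.lower() and BRAND not in str(msg["Subject"]).lower():
        return []  # message does not present itself as WhatsApp
    findings = []
    sender_host = addr.rpartition("@")[2].lower()
    if not in_brand_space(sender_host):
        findings.append(("sender-outside-brand-domain", sender_host))
    links = LinkHosts()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        links.feed(body.get_content())
    findings += [("link-outside-brand-domain", h) for h in links.hosts if not in_brand_space(h)]
    return findings
```

A check like this complements sender-reputation filtering, which the campaign got past by sending from a legitimate organization's domain.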
