WhatsApp Phishing Campaign Unleashes Malware Storm

News

Written by

Photo of Tara Seals

Tara Seals

US/North America News Reporter, Infosecurity Magazine

A malware attack targeted specifically at businesses and consumers who might use WhatsApp has been found unleashed in the wild.

According to the Comodo Antispam Labs (CASL) team, as part of a random phishing campaign, cyber-criminals are sending fake emails claiming to be delivering legitimate WhatsApp content; instead, the messages spread malware when the target clicks on the “message.”

The attachment contains a compressed (.zip) file, which houses a malware executable. The malware is a variant of the Nivdort family, which usually replicates itself into different system folders, adding itself into an auto-run in the computer’s registry.  

WhatsApp is a Facebook-owned, multi-platform messaging service that offers chat and calling among users; they can also share photos and videos. The service has 700 million active users and claims 30 billion messages sent each day on the platform, making it a broad target.

But rather than take a scattershot approach to the opportunity, a series of savvy subject line lures are at the core of this campaign.

“Cybercriminals are becoming more and more like marketers—trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” said Fatih Orhan, director of technology for Comodo and the CASL, in a blog.

Examples include:

•             You have obtained a voice notification.

•             An audio memo was missed.

•             A brief audio recording has been delivered!

•             A short vocal recording was obtained.        

•             A sound announcement has been received.

•             You have a video announcement.

•             A brief video note got delivered.

•             You've recently got a vocal message.

Each subject ends with a set of random characters like ‘xgod’ or ‘Ydkpda’.  These are probably used for encoding data or to identify the recipient.

The messages appear to be legit, because the perpetrators are making use of display name spoofing. When an email pops up, it shows that it was sent from an umbrella branding name, WhatsApp. But the actual "from" email address is clearly not from the company.

Photo © Alexander Supertramp/Shutterstock.com 

You may also like

  1. Red October cyber-espionage campaign used highly sophisticated infiltration techniques

    News

  2. Notorious Bumblebee Malware Re-emerges with New Attack Methods

    News

  3. Malware-as-a-Service Now the Top Threat to Organizations

    News

  4. Fileless Attacks: Addressing Evolving Malware Threats

    Opinion

  5. New Infostealer Uncovered in Phishing Scam Targeting Facebook Business Accounts

    News

What’s hot on Infosecurity Magazine?