Security experts have warned of a new spate of malicious spam which targets the growing popularity of mobile messaging apps by arriving as fake notifications in user inboxes.
Kaspersky Lab revealed in its Q1 2014 spam report that fake notifications purporting to come from services including WhatsApp, Viber and Google Hangouts are appearing with increasing frequency.
“In January, we registered a mass mailing which supposedly contained an image sent to the recipient via WhatsApp,” wrote Kaspersky head of content analysis, Darya Gudkova.
“An alert user would have queried why this notification had arrived via email as the WhatsApp account is not directly associated with the email box. However, many users are used both to synchronization of their contacts and to the fact that messages from mobile applications can arrive via email so this notification would not surprise the majority of users.”
However, the email in question actually contained a well-known backdoor – detected by Kaspersky Lab as Backdoor.Win32.Androm.bjkd – which typically downloads additional malware onto a victim’s computer.
Another mass mailing seen by the Russian security company arrives in the form of a WhatsApp “missed voice message” notification urging the recipient to click a link to listen to it. Doing so would take them to a hacked legitimate site, warned Gudkova.
Similar “missed call” spam was also directed at Viber and Google Hangouts users, she said.
Overall spam levels in the first three months of the year remained fairly consistent with those of Q1 2013, despite dropping 6% from the previous quarter to around 66%, Kaspersky Lab said.
China (21.9%), the US (18.8%) and South Korea (12.9%) remain the top sources of unwanted mail globally.
Elsewhere, Malwarebytes Labs reminded small business users to be on their guard against innocuous-looking PDF attachments containing malware.
“As far as malicious attachments go, the majority are zipped executables that often use the double extension trick (i.e. Invoice.doc.exe) and will directly infect a user’s PC as soon as they are run,” wrote senior researcher Jerome Segura in a blog post.
“But there’s another type of malicious attachment, one that we seldom hear about, that may deceive a lot of people and sneak by your antivirus: regular documents that have been exploited.”
The particular malicious spam wave spotted by the firm aimed to trick business users into opening the PDF by disguising it as a business or Amazon invoice.
The exploit in question – CVE-2013-2729 – ends up dropping additional malware onto the victim’s machine including the ZeuS banking Trojan, CryptoLocker ransomware and more.
Segura claimed such attachments can often sneak in under the radar of regular filters. He urged businesses to ensure they’re covered with exploit protection and keep their OS, browser and any browser plug-ins up-to-date.
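The double extension trick Segura describes (Invoice.doc.exe inside a zip) is something a mail filter can check for directly. The Python below is an added example, not code from Malwarebytes or Kaspersky Lab; the extension lists, function names and sample message are assumptions constructed for illustration, and it covers only bare or zipped double-extension files, not exploited PDFs.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed lists: extensions Windows runs directly, and document types used as the decoy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def is_double_extension(name):
    """True for names like Invoice.doc.exe: decoy extension, then executable one."""
    parts = name.lower().rstrip(". ").rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in EXECUTABLE and "." + parts[1] in DECOY

def suspicious_attachments(raw_message):
    """Return (attachment, member) pairs whose names use the double extension trick."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename()
        if not filename:
            continue  # message body or multipart container, not an attachment
        if is_double_extension(filename):
            hits.append((filename, filename))
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    # Only the file name matters, not its directory inside the zip.
                    if is_double_extension(member.rsplit("/", 1)[-1]):
                        hits.append((filename, member))
    return hits

def build_sample():
    """Constructed sample: a mail whose zip holds a harmless text placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice.doc.exe", b"placeholder, not a real executable")
        archive.writestr("readme.txt", b"constructed test data")
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg["From"] = "billing@example.com"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in suspicious_attachments(build_sample()):
        print(f"flag: {member} inside {attachment}")
```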