FAKE WHATSAPP 'VOICE MESSAGE' EMAILS ARE SPREADING MALWARE
CITS have been alerted to a recent WhatsApp scam, involving a phishing campaign, impersonating WhatsApp’s voice message feature which has been spreading information-stealing malware.
The attack starts with an email claiming to be a notification from WhatsApp of a new private voice message. The email contains a creation date and clip duration for the supposed message, and a ‘Play’ button.
The identity ‘Whatsapp Notifier’ masks a real email address belonging to a Russian road safety organisation. As the address and organisation are real, the messages aren’t flagged as spam or blocked by email security tools. Armorblox, who discovered the scam, believe the Russian organisation is playing a role without realising.
The ‘Play’ button will take the email recipient to a website which then asks them to click ‘Allow’ in an allow/block prompt to ‘confirm you are not a robot’. Once ‘allow’ is clicked, the browser will prompt to install software that turns out to be information-stealing malware.
While there are numerous ‘signs’ that this is a scam, these attacks rely on people missing the signs – perhaps because they are waiting for urgent or exciting news that could well be delivered by a voice message.
CITS recommends that everyone should follow the latest advice for staying secure on line.
