A new phishing campaign is targeting WhatsApp users and luring them to install information-stealing malware on their devices via emails. According to a recent report, the campaign is targeting at least 27,655 email addresses and leveraging WhatsApp’s voice message feature (which recently received new features) to spread malware that can steal users’ sensitive information, including account credentials stored in browsers and applications. Read on to find out the details.
Beware of This WhatsApp Phishing Campaign!
A recent report by Bleeping Computer, citing cyber-security researchers from Armorblox, states that a threat actor, impersonating the WhatsApp team, is sending malware-laden emails to WhatsApp users. The infected email comes as a notification for a new “private voicemail” on WhatsApp and the sender uses an email address that belongs to the Center for Road Safety of the Moscow region.
The report notes that the threat actor somehow exploited the domain to use the email address. And as the email address is seemingly legit and genuine, the phishing emails do not get blocked or flagged by the in-built email security solutions. It is considered one of the primary issues that email-based phishing campaigns like these face.
The email contains a preview of the “private voicemail” along with a play button at the bottom. Clicking this button leads the user to a malicious website, which further asks for the user’s permission to allow in-browser notifications. The website even tries to trick the user to click the “Allow” button by posing the prompt as a captcha to verify if they are a robot. Clicking this button will allow in-browser notifications, which will subject users to advertisements for scams, adult sites, and malware in their browser.
Moreover, after clicking the allow button, the website will prompt the user to download a package, which, in this case, is an information-stealing malware tool. If a user installs the tool on their device, the attacker would be able to steal their private details, banking credentials, crypto wallet details, SSH keys, or locally-stored files.
How to Avoid the WhatsApp Phishing Attack?
Now, although the malware-laden email passes various security solutions and uses tricks to lure users into installing the malware tool, there are some clear hints that reveal the true agenda. Firstly, WhatsApp does not send a separate email to notify about a voice message. The notification comes directly from the app to the user’s system notification panel.
Secondly, there is no WhatsApp logo or anything to verify that it is a legit WhatsApp message in the email preview. Furthermore, the email address and the URL of the website are, in no way, related to WhatsApp. And thirdly, there isn’t any need to download additional programs to listen to a simple WhatsApp voice message.
These are some of the clear red flags that users should look out for when interacting with such phishing emails. So, if you come across such an email in your inbox, delete it and report the sender right away.