WhatsApp Information Stealing Malware Baits Users Into Phishing By Voice Message

WhatsApp phishing victims have accidentally clicked on information stealing malware.

WhatsApp users are now falling victim to the phishing strategies by threat actors from pretending to be an official WhatsApp voice message and sending it to users.

Voice Message was first introduced in WhatsApp in 2013, and it was anticipated to have a significant impact on the way people communicated.

The company receives an average of 7 billion voice messages per day from their users on WhatsApp, all of which are protected by end-to-end encryption, ensuring that they remain confidential and secure at all times.

However, that does not make WhatsApp an exception to phishing.

Attempts have been made to spread information-stealing malware to at least 27,655 email addresses through the use of a new WhatsApp phishing campaign that impersonates the voice message feature of the messaging app.

WhatsApp Phishing

WhatsApp phishing attacks have been reported by its numerous users. As reported by Bleeping Computer, a phishing attack poses as a notification from WhatsApp, informing the victim that they have received a new private message from a friend.

This email contains an embedded "Play" button as well as information about the duration and creation time of an audio clip.

Using an email address associated with the Center for Road Safety of the Moscow Region, the sender is impersonating a "Whatsapp Notifier" service and pretending to be from that organization.

Upon clicking on the "Play" button in the message body, the WhatsApp user is redirected to a website that serves an allow/block prompt for installing a malicious Java/Kryptic trojan.

In order to trick the victim into clicking on "Allow," the threat actors create a web page that asks for confirmation that they are not a robot.

The WhatsApp users will be subscribed to browser notifications that will send in-browser advertisements for scams, adult sites, and malware if they choose to click on these allow buttons.

Unfortunately, once the "allow" option is selected, the browser will prompt the user to install the payload, which in this case is a malware that steals sensitive information from the computer.

Researchers at Armoblox, who are constantly on the lookout for new phishing threats, were the ones who discovered the new WhatsApp voice message phishing campaign.

Armoblox believes that this is an instance in which the hackers have somehow exploited the domain in order to promote their cause, and as a result, the organization has played a role without the organization's knowledge.

WhatsApp Update Voice Message

The WhatsApp phishing campaign by threat actors was made successful because they used the WhatsApp voice message update.

On March 30, the platform released a new set of updates. Here are the salient features of the WhatsApp updates:

  • Playback of a voice message outside of the chat to allow users to multitask or read and respond to other messages while listening to a voice message.
  • A new WhatsApp update that allows users to pause and resume recording a voice message while it's being created.
  • A new WhatsApp update called Waveform Visualization represents the sound on the voice message.
  • A new WhatsApp update that allows users to hear the voice message first before sending
  • It also allows users to pick up from where they left in the message as Playback is now remembered.
  • WhatsApp users can now play a voice message at 1.5x or 2x speeds for both forwarded and on a regular voice message.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics