A new phishing campaign is targeting WhatsApp users and luring them to install information-stealing malware on their devices via emails. According to a recent report, the campaign is targeting at least 27,655 email addresses and leveraging WhatsApp’s voice message feature (which recently received new features) to spread malware that can steal users’ sensitive information, including account credentials stored in browsers and applications. Read on to find out the details.
A recent report by Bleeping Computer, citing cyber-security researchers from Armorblox, states that a threat actor, impersonating the WhatsApp team, is sending malware-laden emails to WhatsApp users. The infected email comes as a notification for a new “private voicemail” on WhatsApp and the sender uses an email address that belongs to the Center for Road Safety of the Moscow region.
The report notes that the threat actor somehow exploited the domain to use the email address. Because the email address appears legitimate and genuine, the phishing emails do not get blocked or flagged by built-in email security solutions. Getting blocked or flagged in this way is considered one of the primary issues that email-based phishing campaigns like these face.
Moreover, after the user clicks the allow button, the website prompts them to download a package, which, in this case, is an information-stealing malware tool. If a user installs the tool on their device, the attacker would be able to steal their private details, banking credentials, crypto wallet details, SSH keys, or locally stored files.
How to Avoid the WhatsApp Phishing Attack?
Now, although the malware-laden email passes various security solutions and uses tricks to lure users into installing the malware tool, there are some clear hints that reveal the true agenda. Firstly, WhatsApp does not send a separate email to notify about a voice message. The notification comes directly from the app to the user’s system notification panel.
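The two hints above (a sender domain that is not WhatsApp's, and a voice-message notification arriving by email at all) can be turned into a mail-filter check. The sketch below is an added example, not code from the report or from Armorblox; the allowed-domain list, the reason labels and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the brand legitimately sends mail from.
BRAND_DOMAINS = {"whatsapp.com"}
BRAND_RE = re.compile(r"whats\s*app", re.I)
VOICE_RE = re.compile(r"voice\s*-?\s*(mail|message)", re.I)

def assess(raw):
    """Return a list of reasons a message looks like this lure (empty if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    body = msg.get_payload() if not msg.is_multipart() else ""
    claims_brand = bool(BRAND_RE.search(display) or BRAND_RE.search(subject))
    from_brand = domain in BRAND_DOMAINS or any(
        domain.endswith("." + d) for d in BRAND_DOMAINS)
    reasons = []
    # The display name says WhatsApp but the address belongs to someone else.
    # Authentication-Results is deliberately ignored: a real, abused domain
    # can pass sender checks and still be the wrong sender.
    if claims_brand and not from_brand:
        reasons.append("sender-domain-not-brand")
    # WhatsApp does not announce voice messages by email, so the claim itself is a signal.
    if claims_brand and VOICE_RE.search(subject + "\n" + body):
        reasons.append("voice-notification-by-email")
    return reasons

# Constructed sample messages (not taken from the campaign).
PHISH = ("From: Whatsapp Notifier <noreply@sender.example>\n"
         "Subject: New Incoming Voicemessage\n"
         "Authentication-Results: mx.example; spf=pass; dkim=pass\n"
         "\n"
         "You have a new private voicemail. Press Play to listen.\n")
BENIGN = ("From: Alice <alice@corp.example>\n"
          "Subject: Voice message transcript from the meeting\n"
          "\n"
          "Notes attached.\n")
BRAND_OK = ("From: WhatsApp <no-reply@whatsapp.com>\n"
            "Subject: Your security code\n"
            "\n"
            "Code: 000-000\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN), ("brand", BRAND_OK)):
        print(name, assess(raw))
```

The constructed phishing sample carries passing authentication results on purpose: the check flags it anyway, because the mismatch is between the claimed brand and the sending domain.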