A new phishing campaign is attempting to trick WhatsApp users into installing information-stealing spyware on their devices via emails. According to a recent report, the campaign is targeting at least 27,655 email addresses and leveraging WhatsApp's voice message feature (which recently received new features) to spread malware capable of stealing users' sensitive information, including account credentials stored in browsers and applications. Continue reading to learn more.
Watch Out for This WhatsApp Phishing Campaign!
According to a recent revelation by Bleeping Computer, which cites Armorblox cyber-security analysts, a threat actor impersonating the WhatsApp team is sending malware-laden emails to WhatsApp users. The infected email appears as a notification for a new "private voicemail" on WhatsApp, and the sender uses an email address associated with the Moscow region's Center for Road Safety.
According to the study, the threat actor used the email account by exploiting the domain in some way. Furthermore, because the email address appears legitimate and real, the phishing emails are not prevented or warned by the in-built email security systems. It is regarded as one of the most serious difficulties that email-based phishing campaigns encounter.
The email includes a preview of the "private voicemail," as well as a play button towards the bottom. By clicking this button, the user is directed to a malicious website that requests permission to allow in-browser alerts. The website even tries to fool the user into clicking the "Allow" button by disguising the query as a captcha to determine whether or not they are a robot. By clicking this button, users will be able to receive in-browser notifications, which will expose them to adverts for frauds, adult sites, and malware in their browser.
Furthermore, after clicking the allow button, the website will prompt the user to download a package, which in this case is a malware tool that steals information. If a user instals the tool on their device, the attacker can steal their private information, banking credentials, crypto wallet details, SSH keys, or locally-stored files.
How to Prevent a WhatsApp Phishing Attack?
Despite the fact that the malware-laden email bypasses numerous protection measures and employs techniques to entice people to install the malicious tool, there are some clear indicators that expose the genuine objective. To begin with, WhatsApp does not send a second email to notify users of voice communication. The app sends the notification immediately to the user's system notification panel.
Second, there is no WhatsApp logo or anything else in the email preview to confirm that it is a legitimate WhatsApp message. Furthermore, the email address and website URL have nothing to do with WhatsApp. Third, there is no need to download any additional programmes in order to listen to a simple WhatsApp audio message.
These are some of the obvious red signs that users should be aware of when responding to such phishing emails. So, if you see such an email in your inbox, delete it immediately and report the sender.
Please do not enter any spam link in the comment box.