Search This Blog

Powered by Blogger.

Blog Archive

Labels

WhatsApp Voice Message Phishing Campaign

At least 27,655 email addresses have been targeted by a phishing campaign spoofing WhatsApp's voice message.

 

Recently Armorblox researchers have discovered that the new WhatsApp phishing campaign is targeting users by impersonating WhatsApp's voice message feature, in one of their latest researches.

At least 27,655 email addresses have been targeted by a phishing campaign spoofing WhatsApp's voice message attempting to spread information-stealing malware. This phishing campaign is designed to lead the users through a series of steps that will ultimately end with the installation of an information-stealing malware infection which further will open the way to credential theft. 

Following the incident, researchers released a statement in which they have explained the entire fraudulent process and also warned to identify signs of fraudulent activity for users to better protect themselves from phishing attempts. 

The researchers said that the malicious actors are using the "Whatsapp Notifier" service with an address owned by the Center for Road Safety of the Moscow Region, which notifies recipients regarding a new private message, with the email including a "Play" button, as well as the duration of the audio clip and details regarding the creation of the message. 

Clicking on the "Play" button will redirect recipients to a website that will trigger an allow/block prompt for JS/Kryptic trojan installation, with users lured to click "Allow" to confirm that they are not a robot. Selecting "Allow" would then prompt the installation of the information-stealing malware.

Looking into the issue for Digital Journal Josh Rickard, Security Automation Architect at Swimlane said “Phishing attacks are one of the most common methods of cyberattacks and, unfortunately, have become all too easy for cybercriminals to leverage.” In terms of how this form of attack works, he continues: “ These types of social engineering attacks that exploit human error are highly effective and well-masked. In this case, WhatsApps’s voice message feature was manipulated in an attempt to spread information-stealing malware to over 27,000 email addresses associated with the app.”
Share it:

Credential Phishing

cyber attack

Cyber Attacks

Whatsapp Phishing