A Trojan comes instead of a Whatsapp voice message. This is how a current malware attack that abuses Whatsapp works.
Enlarge
Alleged Whatsapp voice message spreads dangerous Trojan
© Budrul Chukrut/Shutterstock.com
The US IT news site Bleepingcomputer warns that phishing emails are currently circulating that claim that the recipient has received a Whatsapp voice message. The recipient is supposed to click on the alleged voice message attached to this email to listen to it. “Whatsapp Notifier” is named as the sender of the email, but the strange email address with the ru ending for Russia shows immediately that something must be fishy with this email. The email address is said to be that of a road safety center in Moscow By using this reputable sender address, the hackers want to trick the spam filters of the mail providers.
According to Armorblox security experts, the email with the fake Whatsapp voicemail has been sent to at least 27,655 email addresses so far. Armorblox assumes that the hackers were able to hijack or exploit the traffic safety agency’s mail domain in order to be able to send their mail.
Trojan will be installed
If the recipient clicks on the play button in the alleged Whatsapp voice message, they will be redirected to a website. There, an alleged captcha is displayed, which he should agree to show that he is not a bot, but a human being. However, this launches another window that installs malware if you click on it again. Once installed, the Trojan mainly steals access data (login data) from the infected computer, which is stored in browsers and applications. The malware also targets cryptocurrencies and SSH keys. It can also steal files stored on the computer.
How to recognize the danger
The emails are obviously not from Whatsapp. The websites that open when you click the play button also have nothing to do with Whatsapp. But above all: Whatsapp voice messages are always delivered within the Whatsapp app and never by email!
