What’s Up with WhatsApp?

Posted February 9, 2015

A Banking Trojan. Cybercriminals Trick Users into Downloading Fake “WhatsApp Web” Messaging Apps That Spread Financial Malware

Not familiar with WhatsApp? It’s a cross-platform mobile messaging app that lets users exchange messages without having to pay for SMS. Recently, the company, which already has 700 million users, launched “WhatsApp Web.” The new feature provides users with the ability to read and send messages directly from their web browsers.

In her piece on thehackernews.com, Swati Khandelwal explores how cybercriminals are taking advantage of the newly launched app to spread some nasty malware. The following has been excerpted from her piece and edited to fit our format. You may find her complete article by clicking on this link.

It only looks real

Security researchers at Kaspersky Labs … spotted a seemingly genuine WhatsApp Web for Windows in [a] spam campaign available for fake download.

“Fake downloads appeared in several languages and countries, and now [that] there is a real product out there the fraudsters have returned to their old attacks, dressed them up in new clothes and sent them on the prowl for new victims,” wrote Fabio Assolini from Kaspersky Lab.

Domains registered by cybercriminals

Researchers found a number of malicious domains registered by the cybercriminals to host their malware. Some of them were already in use and others were waiting for command from the criminals. One such domain, whatsappcdesktop.com.br, was found to be distributing Brazilian banking Trojans.

Assolini also explained that the firm has discovered some cases where unsuspecting users have been fooled [into installing] a suspicious Google Chrome extension shown as a simple messaging app, but in [reality] has nothing to do with WhatsApp.

Criminals’ goal: mobile numbers

The researchers also spotted many other promising but unofficial desktop versions of the fake WhatsApp Web offered to Arabic and Spanish language speakers as the legitimate version of the popular messaging application.

The main objective [was] to get the mobile phone number of the victims. In some cases, the attackers requested victims to enter and submit their mobile number in an attempt to download the fake WhatsApp Web client. Once submitted, the attacker would be able to run spam campaigns or make the victims unknowingly subscribe to premium-rate services.

Recommendations

[Access] WhatsApp on the web from the official website located at https://web.whatsapp.com.

ThreatMetrix
