Bogus WhatsApp Voicemail Messages Employed to Spread Malware
A few weeks ago, experts at security firm ThreatTrack Security started warning users about fake WhatsApp voicemail notifications that cybercriminals were using to spread malware.
Notably, WhatsApp is a cross-platform instant messaging application.
The security experts highlight that the initial variant of the campaign targeted mobile devices, but the crooks have now changed their tactics.
According to ThreatTrack Security experts, the cybercriminals are now using phony WhatsApp emails to spread fake antivirus software.
When users click the link in the fake WhatsApp email, they are directed to a site that serves malware known as Kuluoz.B, which in turn downloads a variant of Winwebsec onto the targeted computer.
The Winwebsec sample has been signed with a valid certificate, which is increasingly becoming a problem as far as malware is concerned. The Winwebsec variant is fairly recent, i.e. from mid-August to late August (2013), and it downloads Fareit and Ursnif, both of which are infostealers.
In the meantime, a fake antivirus known as Antivirus Security Pro steps into action and tries to convince users to pay to have the nonexistent infections removed.
At the time of writing, VirusTotal has Kuluoz pegged at 16/48, and VIPRE antivirus detects it as Trojan.Win32.Generic.pak!cobra.
In a blog post published on Threattracksecurity.com on 7th October, 2013, Christopher Boyd, Senior Threat Researcher at ThreatTrack Security, wrote: "Fake voicemail messages are a great way for scammers to attack individuals and corporations who are less technologically skilled. Expect the payloads of these spam messages to keep on changing and be wary of running any executable files sent via email - no matter how tempting the message is waiting for you."
Unfortunately, this is not the first time that the name and reputation of WhatsApp have been tarnished by cyber thugs in a malicious campaign.
In September 2013, security experts discovered emails purporting to be from WhatsApp that informed recipients they had a new voicemail, which could be accessed by clicking the "Play" button in the message. However, clicking the "Play" button took users to fraudulent websites, where they were tricked into downloading malware onto their devices.
» SPAMfighter News - 16-10-2013