Kaspersky Warns that ‘WHATSAPP for PC’ Spam Email Campaign Striking Innocent Users

WhatsApp is a renowned cross-platform messaging app. Security firm Kaspersky discovered a Brazilian spam email message targeting innocent users claiming WHATSAPP for PC is now available.

The Trojan downloading menace contains an embedded link. It makes attempts to fool users of PC to download the malware projecting on their screen. The spam email quotes that WhatsApp for the PC is now available and shows the recipient that they already have certain pending invitations from friends in his or her account.

According to Kaspersky, when the link is clicked, it won't offer WhatsApp messaging PC client software. The link leads the users to a hacked server in Turkey, after which it redirects them to a Hightail.com, which like Dropbox or YouSendIt, is a service which allows cloud file storage and downloads.

Theinquirer.net published a written statement by Dmitry Bestuzhev, Security Researcher of Kaspersky, on 21st January, 2014, as "the above downloader has some anti-debugging feature. Once it is activated, it downloads a new Trojan which appears to be a banker itself.

Threatpost.com published a report on 21st January, 2014, quoting Bestuzhev as saying "the malware reports itself to the cybercriminals' infections statistics console and when open, a local port 1157 sends stolen information in the Oracle DB format."

It's unclear if the malware has made it to shores of U.S. but considering the popularity of WhatsApp abroad, especially in Europe and Latin America, it appears to be confined to those areas.

Bestuzhev even goes as far as to call it a "classic style of a Brazilian-created malware" as it appears to target users in Brazil, a country with an established userbase of WhatsApp. Moreover, the Trojan appears to be downloaded from a Brazilian server.

The security firm notes that the malware which steal information from infected devices was detected by only 9 of the 50 antivirus engines on VirusTotal.

In September 2013, fake emails appearing to be from WhatsApp claiming that the recipient has a new voicemail message even though WhatsApp does not provide a calling feature, it is was the text messaging service which were intercepted.

» SPAMfighter News - 1/30/2014