WhatsApp voice message phishing emails push info-stealing malware

A new WhatsApp phishing campaign impersonating WhatsApp’s voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses.

This phishing campaign aims to lead the recipient through a series of steps that will ultimately end with the installation of an information-stealing malware infection, opening the way to credential theft.

Information-stealing malware is aggressively distributed today via various means, with phishing remaining a primary channel for threat actors.

The information stolen by these special-purpose malware tools is predominately account credentials stored in browsers and applications but also targets cryptocurrency wallets, SSH keys, and even files stored on the computer.

WhatsApp voice messages as a lure

The new WhatsApp voice message phishing campaign was discovered by researchers at Armorblox, who are constantly on the lookout for new phishing threats. For years, WhatsApp has had the ability to send voice messages to users in groups and private chats, with the feature receiving new enhancements last week.

A timely phishing attack pretends to be a notification from WhatsApp stating that they received a new private message. This email features an embedded “Play” button and audio clip duration and creation time details.

The sender, masquerading as a “Whatsapp Notifier” service, is using an email address belonging to the Center for Road Safety of the Moscow Region.

The fact that the emails in this campaign bypassed numerous secure email solutions makes it a particularly nasty case, but the clues that it was phishing were still abundant. First, the email address has nothing to do with WhatsApp, and the same goes for the landing URL that requests the victims to click “Allow” to confirm they’re real. They are both obviously out of WhatsApp’s domain space.

Secondly, voice messages received on WhatsApp are downloaded automatically in the client app, so the IM company would never inform you about receiving one via email. Thirdly, the phishing email features no WhatsApp logo, which is almost certainly to avoid having trouble with the VMC checks introduced by Gmail last year.

To protect yourself from phishing attempts, always take your time to look into potential signs of fraud when receiving messages that make surprising claims, and never jump into action.

With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/whatsapp-voice-message-phishing-emails-push-info-stealing-malware/

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here’s how it works:

• Immediately start your test for up to 100 users (no need to talk to anyone)
• Select from 20+ languages and customize the phishing test template based on your environment
• Choose the landing page your users see after they click
• Show users which red flags they missed, or a 404 page
• Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
• See how your organization compares to others in your industry

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW