A malware distribution campaign that leverages WhatsApp’s reputation has also been spotted

Feb 28, 2014 14:02 GMT

Ever since Facebook acquired WhatsApp, the number of cybercriminal schemes that leverage the messaging app’s reputation appears to have increased. At least two different scams were spotted earlier this week by security experts.

Malwarebytes has come across a website that advertises a “WhatsApp Hack” allegedly capable of retrieving all the messages of the user’s friends.

“WhatsApp Hack v2.4.1 will get access to all archive of messages (even deleted ones) of a specific number you insert. With the help of our tool, you will find out if your spouse is cheating on you, etc. We constantly update our tool so there should be no trouble,” reads a message on the WhatsApp Hack website.

Users who click on the download button are taken to an archive file hosted on Dropbox. The RAR file contains two files named “WhatsApp” and “update.” When the first one is executed, an application window titled “WhatsApp EXPLOIT” opens.

WhatsApp EXPLOIT

When users press the “Grab messages” button to retrieve their friend’s messages, they’re presented with an alert that reads, “WhatsApp patched this version. Click OK to start update.”

During the so-called update process, users are prompted to install various applications and browser extensions. Of course, no WhatsApp messages are retrieved, even after the update is completed.

Malwarebytes detects these apps as potentially unwanted programs (PUP.Optional.OutBrowse).

Another, even more dangerous scheme has been spotted by researchers from Trend Micro. Cybercriminals are trying to trick users into installing a data-stealing Trojan on their computers by promising Windows and Mac versions of WhatsApp.

Many users are aware that there are no desktop versions of WhatsApp, but the attackers are using the recent acquisition by Facebook to suggest that such versions have now been made available.

It all starts with an email that advertises the so-called desktop versions. The download link, however, doesn’t point to WhatsApp, but to a Trojan downloader (TROJ_BANLOAD.YZV).

Email advertising WhatsApp for desktop

Once executed, the downloader retrieves TSPY_BANKER.YZV, a piece of banking malware designed to steal sensitive information from infected computers.

Most of the victims of this particular attack are located in Brazil. This isn’t surprising considering that the malicious emails are written in Portuguese. However, users from all over the world should be careful since cybercriminals could adapt their scheme.

“We strongly advise users to be careful of this or similar messages; WhatsApp does not currently have a Windows or Mac client, so all messages that claim one exists can be considered scams,” Trend Micro Anti-Spam Research Engineer Michael Casayuran advises.
