14 DAY TRIAL // A few weeks ago, experts started warning users about fake WhatsApp voicemail notifications that were used by cybercriminals to distribute malware. The initial variant of the campaign targeted mobile devices, but now the crooks have changed their tactics.
According to ThreatTrack Security experts, the cybercriminals are now using the phony WhatsApp emails to spread fake antiviruses.
When users click on the links from the fake WhatsApp notification, they’re taken to a site that serves Kuluoz.B, a piece of malware that downloads a variant of WinWebSec that’s been signed with a valid digital certificate.
Once it finds itself on a computer, WinWebSec downloads information-stealing malware such as Fareit and Ursnif.
In the meantime, a fake antivirus called Antivirus Security Pro steps into action trying to convince users to pay up in order to have some inexistent infections removed.
Additional technical details on these threats are available on ThreatTrack Security’s blog.