WhatsApp voice message phishing emails push info-stealing malware


Level 84
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
A new WhatsApp phishing campaign impersonating WhatsApp's voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses.

This phishing campaign aims to lead the recipient through a series of steps that will ultimately end with the installation of an information-stealing malware infection, opening the way to credential theft.

Information-stealing malware is aggressively distributed today via various means, with phishing remaining a primary channel for threat actors.

The information stolen by these special-purpose malware tools is predominately account credentials stored in browsers and applications but also targets cryptocurrency wallets, SSH keys, and even files stored on the computer.

The new WhatsApp voice message phishing campaign was discovered by researchers at Armorblox, who are constantly on the lookout for new phishing threats.
For years, WhatsApp has had the ability to send voice messages to users in groups and private chats, with the feature receiving new enhancements last week.

A timely phishing attack pretends to be a notification from WhatsApp stating that they received a new private message. This email features an embedded “Play” button and audio clip duration and creation time details.

The sender, masquerading as a "Whatsapp Notifier" service, is using an email address belonging to the Center for Road Safety of the Moscow Region.


The phishing email impersonating WhatsApp (Armorblox)