December 30, 2024

That WhatsApp voice message may be a phishing scam

0

An unknown threat actor is impersonating WhatsApp over email in an attempt to bait victims into installing a trojan, cybersecurity researchers have warned.

According to a report from Armorblox, the attackers have targeted close to 30,000 endpoints to date, across the healthcare, education and retail sectors, and also managed to bypass Microsoft and Google email security filters.

The report states that the fraudulent emails are coming from the ‘mailman.cbddmo.ru’ domain, which seems to be associated with a government institution in the Moscow region. It is possible, the researchers note, that the attackers exploited a deprecated version of the parent domain to send the phishing emails.

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window

Fake voicemail

The contents of the email itself revolve around a fake WhatsApp voice message. The victim will receive an email saying they’ve received a new private voicemail, and if they want to listen to it, they should click on the Play button provided. Pressing the button redirects the victim to a page that tries to install the JS/Kryptik trojan. 

“This is a malicious obfuscated JavaScript code embedded in HTML pages that redirects the browser to a malicious URL and implements a specific exploit,” the report reads.

After landing on the page, the victim would need to confirm they are “not a robot”, and clicking on the “allow” popup, researchers suggest, could install the malicious payload.

JS/Kryptik can steal sensitive information stored within the browser, such as passwords, the researchers went on to explain.

As usual, all users are warned not to click on links or download attachments from emails that come “out of the blue”, or from suspicious addresses. Email is still the most popular attack vector for threat actors, so users are advised to stay vigilant.

Protect your virtual premises from phishing with the best identity management software right now