WhatsApp: a dangerous scam worries experts, Russian hackers strike again

A WhatsApp scam has already affected tens of thousands of victims around the world. Armorblox researchers sound the alarm: "beware of that email".
A WhatsApp scam has already claimed tens of thousands of victims worldwide. According to researchers from Armorblox, a company specializing in computer security, the fraud reached at least 28,000 people.
The scam exploits the popularity of WhatsApp, but travels by email. The criminals contact victims with an email bearing a catchy title: "New Incoming Voicemessage". WhatsApp, for the avoidance of doubt, never contacts its users via email, but a less experienced person could still easily fall into the trap.
The fraudulent email was sent to over 28,000 email addresses, Armorblox researchers explain.
The body of the email replicates the WhatsApp layout rather convincingly, complete with an unmistakable voice-message player. A click on the player redirects the user to a malicious site.
By visiting the site, the user risks downloading a trojan by way of a JavaScript exploit. “Once the malicious site is opened, the user is further tricked with a screen asking him to confirm that he is not a robot,” the IT security experts explain.
Simply clicking the checkbox infects the computer with what is known in the jargon as the payload. The malware is designed to steal users’ sensitive information, such as passwords stored in the browser.
The fraudulent email campaign was made possible by the use of a legitimate email domain accredited by Google and Microsoft. This is ‘mailman.cbddmo.ru’, an address of the Center for Traffic Safety of the Moscow Region, an organization controlled by the Russian government’s interior ministry.
For this reason, the emails sent by the criminals managed to bypass the security measures of providers such as Gmail and were not blocked by spam and phishing filters. Researchers couldn’t figure out how the hackers managed to take over the domain. Complicity of the Kremlin in the attack is obviously to be ruled out.
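
Because the messages came from a legitimate domain, a filter that trusts sender reputation lets them through; a check that compares the brand a message claims with the domain that actually sent it still catches them. The sketch below is an added example, not code from Armorblox or any mail provider. It assumes the receiving server stamps an `Authentication-Results` header, and the sample message, display name, brand list and verdict labels are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the subject and sending domain come from the article.
SAMPLE = """\
From: Whatsapp Notifier <noreply@mailman.cbddmo.ru>
To: user@example.com
Subject: New Incoming Voicemessage
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailman.cbddmo.ru; dkim=pass header.d=mailman.cbddmo.ru

You have a new private voicemail.
"""

# Assumption: brands to watch and the domains each one legitimately mails from.
BRAND_DOMAINS = {"whatsapp": ("whatsapp.com",)}

def auth_passed(msg):
    """True when the receiving server recorded both spf=pass and dkim=pass."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results and "dkim=pass" in results

def impersonated_brands(msg):
    """Brands named in the display name, subject or body but not matching the sender."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    hits = []
    for brand, legit in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in text and not owned:
            hits.append(brand)
    return hits

def verdict(raw):
    """Classify one raw message; authentication never clears a brand mismatch."""
    msg = message_from_string(raw)
    if not impersonated_brands(msg):
        return "no-brand-mismatch"
    # SPF/DKIM pass proves the mail came from the sending domain, not from the brand.
    if auth_passed(msg):
        return "brand-mismatch-authenticated"
    return "brand-mismatch-unauthenticated"

if __name__ == "__main__":
    print(verdict(SAMPLE))
```
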