BleepingComputer reports that at least 27,655 email addresses have been targeted by a phishing campaign spoofing WhatsApp's voice message capability to disseminate information-stealing malware.
Armorblox researchers discovered that the new WhatsApp voice message phishing attack involves the use of an email from the "Whatsapp Notifier" service using an address owned by the Center for Road Safety of the Moscow Region, which notifies recipients regarding a new private message, with the email including a "Play" button, as well as the duration of the audio clip and details regarding the creation of the message. Clicking on the "Play" button will redirect recipients to a website that will trigger an allow/block prompt for JS/Kryptic trojan installation, with users lured to click "Allow" to confirm that they are not a robot. Selecting "Allow" would then prompt the installation of the information-stealing malware, according to researchers. Users have been urged to identify signs of fraudulent activity to better protect themselves from phishing attempts.
Info-stealing malware distributed in WhatsApp phishing campaign
At least 27,655 email addresses have been targeted by a phishing campaign spoofing WhatsApp's voice message capability to disseminate information-stealing malware.
Attackers who successfully activated "CSS Combine" and "Generate UCSS" within Page Optimization settings could leverage the vulnerability not only to exfiltrate sensitive data but also to elevate privileges and facilitate website takeovers for further compromise, according to an analysis from Patchstack.
Both iOS and Android devices have been targeted with attacks involving the fake app dubbed "SB-INT," which lured victims into manually trusting the Enterprise developer profile before triggering the registration process that would seek additional information from victims.