IT-company Armorblox spoke about a new phishing campaign that masquerades as a voice messaging feature in the popular messenger. With its help, scammers install malware to steal credentials, passwords from wallets, and even files stored on a PC.
User PCs are hacked using mailing lists. The message, disguised as an official notification from the messenger’s support service, prompts the user to play a “voice message” – when clicking on the link, the victim is redirected to a phishing site that infects the computer with the JS / Kryptic virus.
To “persuade” a user into downloading malware, attackers even imitate a form of captcha with the popular caption “Confirm you are not a robot.” After pressing the on-screen button, the browser will prompt you to install a virus under the guise of “useful software for optimizing your PC”, and will also download scripts to display advertisements for various resources.
Representatives of Armorblox note that the authors of the newsletter have nothing to do with the developers of WhatsApp. In addition, voice messages in the messenger are downloaded automatically, so the company will never inform the user about the receipt of audio by e-mail. Finally, the phishing email does not contain the WhatsApp logo, which should alert the attentive user.