Some variant had also been seen in circulation in the past, and even recently, since last December. In the last few days, however, it seems to have returned with greater insistence. It’s about a fraud that transits by e-mail but builds on the enormous popularity of Whatsapp, Meta’s chat and the most used in the world. Thousands of users, in fact, are receiving in these hours an (alleged) Whatsapp e-mail informing them that they have a voice message to listen tocomplete with a button / link to click to do so.
The new threat, identified by Armorblox experts, explains that often the e-mail comes from a real or probable e-mail address, in turn involved by the infection, and includes a text that prompts the recipient to listen to an alleged voice message. Do not miss the big play button to proceed to (false) listening. As always happens in these cases, clicking on it takes you to a web page that asks you to prove that you are not a bot, that is, an automated user. But by taking that step, you end up installing a malware and replicating the mechanism, forwarding it to the addresses in your address book. Among other things, the malicious program collects personal data, the details stored in the browser you use, and also those of digital wallets and cryptocurrencies. Often the same scam also comes in the form of sms messagethen directly on the smartphone, always relying on the irresistible call of a voice to listen to on Whatsapp.
The email that arrives has as its subject «New incoming voicemail»And in fact shows a green and black frame that recalls the colors of Whatsapp, a short description and the button to send the victims to the site from which they will automatically download a malware. According to Armorblox – which detected spam mainly through the analysis of Office 365 and Google Workspace accounts – the origin of this new, massive phishing operation would be Russian. Specifically, after clicking on the link in the email the recipients are redirected to a page that attempts to install a JS / Kryptik trojan. It is a hidden and malicious JavaScript code embedded in HTML pages that redirects the browser to a malicious address and implements a specific threat.
It is not enough. As mentioned, once the victim connects to the malicious web page they are asked to confirm that it is not a robot: if they click on «Allow»(Authorize) on the popup notification in the URL, a malicious payload could potentially be installed as a Windows application via a browser advertising service, thus bypassing all controls. Once the malware has been installed (it is in fact an “infostealer”) it can steal sensitive information such as credentials stored in the browser. The advice is always the same: Whatsapp does not communicate via e-mail, when the address of origin is in doubt better not to click on the links contained in the email or open attachmentsstrengthen the defenses through an antivirus, change passwords often or use a management app to ensure that, if a password is compromised and stolen, it does not end up being exploited to access all the most important services.
Other stories of Vanity Fair that may interest you
Whatsapp, all the news for audio messages (we send 7 billion a day)
WhatsApp, it is now easier to move from iOS to Android
Source: Vanity Fair
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.
