Emails disguised as official WhatsApp messages have been targeting users of the mobile messaging service, according to Comodo Antispam Labs (CASL), which has identified new malware in the emails. The attackers send the emails to distribute malware, which is delivered when the user clicks the message, according to CASL’s blog.
Rogue email addresses are sending the phony WhatsApp messages. By inspecting the address sending the emails, recipients can see that WhatsApp is not the real sender.
To distribute the malware, the emails are carrying various subject lines. These include:
- A short vocal recording was obtained npulf
- You have obtained a voice notification xgod
- A sound announcement has been received sqdw
- You have a video announcement. Eom
- A brief audio recording has been delivered! Jsvk
- A brief video note got delivered. Atjvqw
- You’ve recently got a vocal message. Yop
- An audio memo was missed. Ydkpda
Every subject line ends with random characters such as “Ydkpda” and “xgod.” The random characters are likely used to encode data and identify the recipient.
A ‘Nivdort’ Variant
The attachment contains a compressed file holding the executable malware, a variant of the “Nivdort” family. It typically replicates itself into different system folders and adds itself to an “auto-run” entry in the computer’s registry.
After the compressed (zip) file executes, the malware infects the computer.
CASL identified the WhatsApp email through URL, domain and IP analysis.
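The three indicators described above (a sender address that is not WhatsApp's, a media-notification subject ending in a short random tag, and a zip attachment) can be checked together in a mail filter. The sketch below is an added example, not CASL's or Comodo's code; the trusted domain, the "WhatsApp" display-name check, the word lists and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"whatsapp.com"}  # assumption: domain of genuine WhatsApp mail
MEDIA = re.compile(r"\b(vocal|voice|sound|audio|video)\b", re.I)
# Ordinary words that end the listed subjects before the random tag.
LURE_WORDS = {"obtained", "notification", "received", "announcement",
              "delivered", "message", "missed", "recording", "note", "memo"}
TAG = re.compile(r"\s([A-Za-z]{3,6})\s*$")  # short trailing token

# Constructed sample messages (not taken from the campaign).
PHISH = (
    'From: "WhatsApp" <notify@mailer.example.net>\n'
    "Subject: You have obtained a voice notification xgod\n"
    'Content-Disposition: attachment; filename="voice.zip"\n'
    "\n"
    "constructed body\n"
)
BENIGN = (
    "From: Alice <alice@example.org>\n"
    "Subject: Notes from the audio team meeting\n"
    "\n"
    "constructed body\n"
)


def trailing_tag(subject):
    """Return the short trailing token unless it is a normal lure word."""
    m = TAG.search(subject)
    if m and m.group(1).lower() not in LURE_WORDS:
        return m.group(1)
    return None


def findings(raw):
    """List which of the article's indicators a raw message matches."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    hits = []
    if "whatsapp" in name.lower() and domain not in TRUSTED_DOMAINS:
        hits.append("sender-mismatch")
    if MEDIA.search(subject) and trailing_tag(subject):
        hits.append("media-lure-with-tag")
    if any(p.get_filename("").lower().endswith(".zip") for p in msg.walk()):
        hits.append("zip-attachment")
    return hits


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, findings(raw))
```

Any single indicator is weak on its own (an ordinary subject can end in a short word), so a filter should act on the combination rather than on one hit.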
Fatih Orhan, director of technology at CASL and Comodo, said attackers are becoming marketers and are attempting to use creative subject lines to provide unsuspecting emails that recipients will click and spread malware. He said Comodo is working to develop technology solutions and stay ahead of the cyber attackers, secure and protect endpoints, and make IT environments safe.
CASL On The Case
CASL has more than 40 computer scientists, IT security professionals, engineers and ethical hackers who filter and analyze spam, malware and phishing worldwide. The company has offices in the U.S., India, the Philippines, Turkey and the Ukraine. CASL analyzes more than 1 million pieces of malicious email daily. The team protects its customers and the public at large.
Hacked reported in September that WhatsApp Web, the messaging service’s web client, suffered a vulnerability that could have allowed hackers to undermine millions of computers around the world, security researchers warned.