Beware : WhatsApp voicemail eMails are fake !

Lately, more and more people are being spammed with (fake) eMail messages, suggesting that there is a WhatsApp voicemail for them.

Beware : clicking on the (green) “Play” or “Listen” button will NOT enable you to listen to any newly recorded voicemail…

…this is a phishing-scam that instals malware (= malicious software) !!

DO NOT INSTALL !!

Note : the fact that this malware-installer makes use of a stolen Authentication Certificate (which is still valid) makes it extremely hazardous, as that will tick your computer/mobile phone into allowing the malware to be installed

The devices that suffer from this are mainly Android-mobile phones, but jailbroken iPhones, PCs and Macs also. Any original (not-jailbroken) iPhone will only install software from the iTunes App Store, so they are secured against this kind of malware.

HOW TO EASILY DETECT THESE PHISHING EMAILS :

The subject will read something like “Incoming voicemail at [date]”, and the sender will appear to be (*) “Whats App Notifier”, and there will be a big (green) button inside the eMail  named “Listen” or “Play”…

(*) on a Mac this can easily be detected, because of 2 simple indications :

1- in the senders name it is written “Whats App”, in stead of the official “WhatsApp” (one word)

2- when clicking on the senders name in Apple Mail.app, it turns blue and in yellow an eMail address will appear, which will not have “WhatsApp” in it, but will look like a regular private or business eMail-address

If you get one of these fake eMails, just mark them as SPAM and delete them a.s.a.p.

They look something like these :

whatsapp-malware-1whatsapp-malware-2

Note : if you happen to click on the “Play or “Listen” button, what will happen will (slightly) depend on the version of the eMail you have encountered and the type of device you are using :

– malware will be downloaded directly onto your device

– you will be redirected to a website which will scam you into installing malware

The Malware reportedly is WinWebSec and installs Fareit and Ursnif, which are info-stealers that send your private info to internet criminals, enables them to make your computer call paid telephone numbers and send these same type of phishing eMails on your behalf to anyone in your Contacts…

And once installed, you will also be spammed with messages by a fake antivirus-software called Antivirus Security Pro to pay for getting (in-existend) infections removed form your computer…

More on this scam be found here :

http://www.spamfighter.com/News-18612-Bogus-WhatsApp-Voicemail-Messages-Employed-to-Spread-Malware.htm

http://www.threattracksecurity.com/it-blog/kuluoz-voicemail-spam-drops-signed-certificate-winwebsec/

Donate Button (MacManusNL)

Advertisements

4 thoughts on “Beware : WhatsApp voicemail eMails are fake !

  1. How can you find out if the malware is installed on your computer? All my contacts were sent a WhatsApp email but I was using someone else’s computer when I opened the whatsapp email to me.

    • @Wendy :

      Sorry to hear you missed the warning signals and ended up having problems…
      I honestly don’t know how to fix your problem (and I am not familiar with the problem either),
      so my best advice is to contact the WhatsApp Helpdesk and ask them to help you out :
      https://www.whatsapp.com/faq/

      Good Luck !

  2. just received this today. As far as I know theres no email address involved when we register and activate whatsapp. That makes suspicious and make me curious, so I search through google and ends up here on this article. glad I didn’t click the button and also that email already inside the gmail spam folder.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s