Beware : WhatsApp voicemail eMails are fake !

Lately, more and more people are being spammed with (fake) eMail messages, suggesting that there is a WhatsApp voicemail for them.

Beware : clicking on the (green) “Play” or “Listen” button will NOT enable you to listen to any newly recorded voicemail…

…this is a phishing-scam that installs malware (= malicious software) !!

DO NOT INSTALL !!

Note : the fact that this malware-installer makes use of a stolen Authentication Certificate (which is still valid) makes it extremely hazardous, as that will trick your computer/mobile phone into allowing the malware to be installed.

The devices that suffer from this are mainly Android mobile phones, but also jailbroken iPhones, PCs and Macs. Any original (not-jailbroken) iPhone will only install software from the iTunes App Store, so they are secured against this kind of malware.

HOW TO EASILY DETECT THESE PHISHING EMAILS :

The subject will read something like “Incoming voicemail at [date]”, and the sender will appear to be (*) “Whats App Notifier”, and there will be a big (green) button inside the eMail named “Listen” or “Play”…

(*) on a Mac this can easily be detected, because of 2 simple indications :

1- in the sender’s name it is written “Whats App”, instead of the official “WhatsApp” (one word)

2- when clicking on the sender’s name in Apple Mail.app, it turns blue and in yellow an eMail address will appear, which will not have “WhatsApp” in it, but will look like a regular private or business eMail-address
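The indicators above (subject wording, “Whats App” written as two words, a sender address unrelated to WhatsApp) can also be checked automatically on the raw message headers. This is an added example, not part of the original post; the sample messages are constructed, and the `whatsapp.com` allow-list is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators described in the post, expressed as header checks.
SUBJECT_RE = re.compile(r"incoming\s+voice\s*mail", re.I)
BRAND_RE = re.compile(r"whats\s*app", re.I)   # "WhatsApp" and "Whats App"
OFFICIAL_DOMAINS = ("whatsapp.com",)          # assumption: brand allow-list


def is_official(domain):
    """True if domain is an allow-listed brand domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def check_message(raw):
    """Return the indicators from the post that this raw message matches."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("voicemail-subject")
    if BRAND_RE.search(display):
        # Indication 1: brand not written as the official single word.
        if "WhatsApp" not in display:
            hits.append("brand-misspelled")
        # Indication 2: display name claims the brand, address does not.
        if not is_official(domain):
            hits.append("address-not-brand")
    return hits


# Constructed sample messages (not taken from a real campaign).
FAKE = '''From: "Whats App Notifier" <j.smith@smallbusiness.example>
Subject: Incoming voicemail at 01 Jan 2014

Listen
'''
GENUINE_STYLE = '''From: WhatsApp <no-reply@mail.whatsapp.com>
Subject: Your account

Hello
'''
BENIGN = '''From: "Alice Example" <alice@example.org>
Subject: Lunch tomorrow?

Hi
'''

if __name__ == "__main__":
    for name, raw in (("fake", FAKE), ("genuine-style", GENUINE_STYLE), ("benign", BENIGN)):
        print(name, check_message(raw))
```

A message matching all three indicators is a strong candidate for the spam folder; a single hit on its own is weaker evidence.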

If you get one of these fake eMails, just mark them as SPAM and delete them a.s.a.p.

They look something like these :

[Images: whatsapp-malware-1, whatsapp-malware-2]

Note : if you happen to click on the “Play” or “Listen” button, what will happen will (slightly) depend on the version of the eMail you have encountered and the type of device you are using :

– malware will be downloaded directly onto your device

– you will be redirected to a website which will scam you into installing malware

The malware reportedly is WinWebSec and installs Fareit and Ursnif, which are info-stealers that send your private info to internet criminals, enable them to make your computer call paid telephone numbers and send this same type of phishing eMails on your behalf to anyone in your Contacts…

And once installed, you will also be spammed with messages by a fake antivirus-software called Antivirus Security Pro to pay for getting (non-existent) infections removed from your computer…

More on this scam can be found here :

http://www.spamfighter.com/News-18612-Bogus-WhatsApp-Voicemail-Messages-Employed-to-Spread-Malware.htm

http://www.threattracksecurity.com/it-blog/kuluoz-voicemail-spam-drops-signed-certificate-winwebsec/

Beware : FBI warns not to upgrade software through free-WiFi !

The FBI has reported that users of ‘out-of-home-WiFi’ (free-WiFi hotspots, hotel WiFi, etc.) have become infected with malware, while upgrading ‘a widely used software product’.

http://www.fbi.gov/scams-safety/e-scams

The original report states :

“Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.”

Even though the software product is not mentioned by name, it is good to inform you that one of the most common software products using this type of upgrade is Adobe Flash… so watch out when upgrading Adobe Flash (and any other software upgrade that is offered) when you are not on your own private WiFi-network.

So… here are some useful guidelines regarding software updates while traveling :

1- if you can do without upgrading, don’t upgrade while traveling ; wait until you’re back home on your own trusted WiFi-network

2- if you really need to upgrade, take these precautions : when you are prompted to upgrade any software while on an ‘out-of-home-WiFi’-network, click to close the pop-up window that is urging you to upgrade. Then either use OSX’s built-in “Software Update…” feature, or open the (Mac) App Store to download your updates from there, or manually type the URL of the known software-maker and download the software update directly from their site (after having double checked that your installed version is not the latest one).

Note : in the case of the Adobe Flash browser plugin, the software-maker’s website is Adobe.com

Flashback trojan finally detected by built-in OSX malware detection

Apple introduced built-in Malware Detection in OSX 10.6 Snow Leopard (and OSX 10.7 Lion also of course). This works very well and updates automatically whenever you’re connected to the internet and Apple releases new malware definitions…

…this week (online) news sources were warning Mac-users that Apple still hasn’t updated for the latest exploit of Java by the Flashback trojan horse malware…

Today however the Java update was released by Apple :

http://support.apple.com/kb/HT5228

As always : to install this update, just use OSX’s built-in Software update feature (find it under the Apple-icon menu in the left top corner of your screen).

 

Beware : MAC Defender = malware ! don’t install ! remove it !

Since some of you might not know… just a quick note to inform you :

Your Mac is not completely immune to viruses and malware (and never has been). The  weakest link in the security chain of Mac-protection is often the user himself…

A program called “MAC Defender” claims to be your best protection, but do not install it ! If you really need a reliable virus-protection app for your Mac, go only with the renowned ones like Sophos, Kaspersky, Norton, ClamXav or VirusBarrier (downloads available via MacUpdate.com, or from their respective brand’s websites).

MAC Defender is a fake AntiVirus-app ! It’s a trojan horse intended for phishing your valuable data, passwords and credit card info.

Apple has put info on how to avoid or remove MAC Defender online here :

http://support.apple.com/kb/HT4650?

…but still : best remedy is not to install it at all !

Beware : the URL you are seeing in iOS may not be the URL you’re visiting

The Dutch Government’s Ministry of Security & Justice’s website Waarschuwingsdienst.nl has reported a problem with iOS that is not a big threat to the prudent iOS user, but still is a ‘good to know’.

Simply put :

The URL that you are seeing in your iOS web browser may not actually be the URL you’re visiting, enabling a phishing threat (this problem was found in iOS 5.1, but will most certainly exist in all previous versions of iOS also)

Suggested remedy :

To minimize the potential of this hazard, make sure you are not clicking on any weblinks when reading websites or eMails from sources you do not fully trust.

Especially when asked for personal data and/or payment, make sure you retype the complete URL manually, and check if the URL doesn’t get redirected, when using your iPad, iPhone or iPod Touch.

 

More info on this and other viruses, malware, hoaxes, vulnerabilities, software-leaks, privacy breaches, phishing and the like, including updates on official patches, can be found here [in Dutch] :

http://www.waarschuwingsdienst.nl/Risicos/Actuele+dreigingen/Softwarelekken/WD-2012-026+Kwetsbaarheid+gevonden+in+Apple+iOS+Webkit.html