Malware distribution campaign using fake WhatsApp voicemail notifications

“You have a new voicemail”, “1 New Voicemail(s)” (or 4) are the subjects used by the fake emails pretending to come from the well-known WhatsApp instant messaging service for mobile devices.

There is also a “Play” button which brings you to various URLs where a malicious file is offered for download (that’s the “voice message”).

 

whatsapp-malware

 

This social engineering technique has started to be used because WhatsApp is getting more and more media attention due to their free business model (the iOS version is now also free for the first year). According to WhatsApp, the voice mail is built as similar as possible for all supported devices. And this is exactly what the cybercriminals are using in this spam campaign.

All Avira products detect the files as TR/Kuluoz.A.27.

 

Sorin Mustaca

IT Security Expert