Attackers Stealing Information from WhatsApp

April 13, 2022 10:28 am

Voice message notifications from WhatsApp were the center of a malicious phishing campaign.  The campaign targeted Office 365 and Google Workspace accounts and the emails that were sent came from a domain that is connected to a legitimate site.  According to Armorblox, the site is State Road Safety operations for Moscow and belongs to the Ministry of Internal Affairs of the Russian Federation.

Potential victims of the campaign receive an email titled “New Incoming Voice Message.”  The body of the email looks like it’s a secure message from WhatsApp that informs the victim that they received a new private voicemail.  It even includes a “play” button to listen to your new voicemail.

If the “play” button is clicked, it would then redirect you to a page that tries to install a malicious JavaScript code imbedded in HTML pages that redirects you to a malicious URL.  Once on this page, it asks you to confirm you aren’t a robot, and once you allow the pop up notification in the URL, the malicious payload would then be installed.  This campaign ends up stealing sensitive information that is stored within the browser.

This particular attack is tricky and hard to detect since it looks like it is coming from legitimate sources.  One of the best ways to be aware of these types is to educate yourself – take trainings so you know what to look for, as well as read up on current scams that are taking place so you are on alert and never click on a link sent to you from a source you do not know.

Categorised in:

Book Your Free Consultation Today!