
With great power comes great responsibility, but WhatsApp’s developers are not responsible for the malware attacks organized by hackers who trick their victims into believing that they’re receiving emails with WhatsApp content. When the victims download the attached zip file, they’re installing an executable malware file.

Researchers at Comodo Labs have uncovered a new campaign that uses emails made to look as if they were sent by WhatsApp. The subject lines contain messages such as “You have obtained a voice notification”, “An audio memo was missed”, “A brief audio recording has been delivered!”, “A short vocal recording was obtained”, “A sound announcement has been received”, “You have a video announcement”, “A brief video note got delivered” or “You’ve recently got a vocal message”, followed by a few characters such as “xgod” or “Ydkpda”. Driven by curiosity, users open these emails, believing that they’re genuine notifications sent by WhatsApp, but the only content is a zip file which, if opened and executed, installs on the computer malware that is a variant of the “Nivdort” family. Once this malware gets onto the device, it replicates itself and seeps into various system folders and into an auto-run entry in the computer’s registry.
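The two traits described above, a known subject phrase followed by a short run of letters and a zip attachment that carries an executable, can be checked on a mail gateway or in a mailbox sweep. The following is an added example, not code from Comodo or from the original article; the function names, the suffix length range, the list of executable extensions and the sample messages are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject phrases reported for this campaign (apostrophes normalized to ASCII).
PHRASES = [
    "You have obtained a voice notification", "An audio memo was missed",
    "A brief audio recording has been delivered!", "A short vocal recording was obtained",
    "A sound announcement has been received", "You have a video announcement",
    "A brief video note got delivered", "You've recently got a vocal message",
]
# Phrase followed by a short run of letters such as "xgod" or "Ydkpda"
# (assumption: 3 to 8 letters; the article only gives those two samples).
SUBJECT_RE = re.compile(r"^(?:%s)\s+[A-Za-z]{3,8}$" % "|".join(map(re.escape, PHRASES)))
EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumption: extensions treated as executable

def zip_has_executable(data):
    """True if the bytes are a zip archive listing a member with an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(EXEC_EXT) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def check_message(raw):
    """Return (subject_matches, zip_carries_executable) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").replace("\u2019", "'").strip()
    zips = [p.get_payload(decode=True) or b"" for p in msg.iter_attachments()]
    return bool(SUBJECT_RE.match(subject)), any(zip_has_executable(z) for z in zips)

def build_sample(subject, member):
    """Constructed test message: a zip attachment with one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not malware")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content("constructed body")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="message.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for subj, member in [("An audio memo was missed xgod", "memo.exe"),
                         ("Quarterly report attached", "report.pdf")]:
        print(subj, "->", check_message(build_sample(subj, member)))
```

A message where both values are true is a strong candidate for quarantine; a subject match alone is worth logging, since the attachment format can change between waves.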

Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs, has warned that “Cybercriminals are becoming more and more like marketers – trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware”, adding that the company is trying to stay a step ahead of the hackers by creating innovative technology solutions.

Unofficially, WhatsApp has surpassed 1 billion active users, and it’s one of the applications that hackers use to trick users into visiting hostile websites or opening documents containing malware. This isn’t the first time WhatsApp has been targeted by cyber criminals. A year ago, a Dutch developer found that users’ status and other info could be easily tracked, even if they had maximized their privacy settings.