Sharing is caring!

WhatsApp is a great application and its popularity is increasing with each passing day. That’s a good thing, right? It’s awesome, because the application is being used by more and more people, and hackers consider WhatsApp a gold mine because they’re always finding ways to make money off users’ backs. Scams have made many victims, but people don’t seem to take into consideration warning and their naivety costs them.

Users download malicious software without their knowledge, being tricked to open messages and to click on links inside them. This is the most common scam and there were many attacks that targeted not only WhatsApp, but other messaging applications as well.

It seems that these days, another campaign is targeting WhatsApp, Google Play and Uber and after users download the virus, it waits until they open the original application and it overlay its fake interface over the top. When users enter their personal information such as address, passwords and bank account details, the fake applications gather them and hackers use these details to sell them on.

FireEye’s researchers have discovered this virus and they warned European users to be more careful what content they’re downloading to their devices. The infection has started in Denmark, but later it was detected in Italy, Germany and Austria, as well.

How does this malware work? It’s spread via a basic text messaging phishing scheme, which states “We could not deliver your order. Please check your shipping information here.” When clicking on it, users download the malware and this is where all hell breaks loose.

FireEye has explained on its blog page that “After landing on the user’s device, the malware launches a process to monitor which app is running in the foreground on the compromised device. When the user launches a benign app into the foreground that the malware is programmed to target, the malware overlays a phishing view on top of the benign app.”

According to FireEye, in Denmark, the malware was downloaded over 130,000 times.