With cybercriminal activity on the rise, more and more platforms and devices are falling victim to digital malware. WhatsApp, a popular messaging platform, has recently been targeted by powerful malware intended to steal sensitive information from its users.
Having approximately 2 billion users, WhatsApp is the most popular mobile messenger app globally, outranking even Facebook Messenger. Furthermore, WhatsApp is also the third most popular online social network globally, following Facebook and YouTube.
With that said, it’s easy to understand WhatsApp is being used by numerous users today. What can happen if malware infects such a large platform and targets its users?
About the newest WhatsApp phishing campaign
The newest phishing campaign targeting WhatsApp lures users into installing malware on their PCs and other devices. However, that isn’t even the worst part. When installed, the malware steals information and sensitive data found on the device, including account credentials used for various sites and apps.
When this malware started attacking WhatsApp users, many wondered how they could detect the malware and prevent it from targeting their information.
Unfortunately, the malware has been well hidden. Namely, WhatsApp users have sent malware-infected emails claiming to come from the official WhatsApp team. These emails typically come as notifications for a new private voicemail, so naturally, the users believe they have an unopened voice message on their WhatsApp.
Because the cybercriminals responsible for this phishing campaign use an email address belonging to the Center for Road Safety in Moscow, the domain is legitimate. Thus, the sent email doesn’t get flagged or end up in the spam folder.
Furthermore, cybercriminals have implemented several other features to trick people into believing they have a new private voicemail. Alongside the voicemail preview, the users also get a play button at the bottom.
What happens if an attack is successful?
Clicking on this button leads users to a malicious website that first asks users for in-browser notifications and then requires them to fill out a captcha to prove they’re not robots. By completing the captcha and proceeding to the site, WhatsApp users infect their devices with malware filled with advertisements for scams.
Besides this, users are also advised to download a file package that contains an information-stealing malware tool. If downloaded and installed on a PC or any other device, cybercriminals can access sensitive data. This includes banking credentials, locally stored files, crypto wallet details, SSH keys, and additional valuable information.
Protecting yourself from the WhatsApp phishing attack
Now that you know more about the malware that’s recently been on the rise among innocent WhatsApp users, you’re undoubtedly interested in the possible ways of protecting yourself and your devices from this horrible cybercriminal activity.
Even though these phishing campaigns go through many email security checks and other security solutions, some of them still end up in your inbox. However, there are many ways to protect your online identity and valuable data from these WhatsApp cyberattacks.
Here are some practical steps to help you stay safe and avoid the most common malware attacks.
Use a VPN
One of the ultimate solutions for combating cybercriminals is to use a VPN for PC for all your online activities. Since Virtual Private Network solutions hide your online footprint, scammers and attackers will have a significantly harder time finding your email address in some databases and using it to contact you. Essentially, if they can’t see where you are connecting from, they won’t be able to do any harm. For instance, a VPN hides your IP address, necessary for performing DDoS attacks against users.
Pay attention to email notifications
If you pay close attention to how WhatsApp works, you’ll realize this platform doesn’t send email notifications about a new text, photo, or voice message. All WhatsApp notifications come directly from the app, so receiving such an email isn’t exactly a regular occurrence. Ignore such emails.
Look for the official credentials
All official WhatsApp emails come with a logo, the email address, the website URL, and other key pieces of information that ensure email recipients the message came from a reliable source. If your WhatsApp emails lack these, somebody’s probably trying to take advantage of your data.
Install antivirus protection
Your home PC likely handles many confidential activities. From shopping online to checking your bank account, such processes must be protected. Therefore, it is crucial to have a reliable antivirus tool for PC for conducting anything you want safely. Run frequent scans to check the security condition of your device. Furthermore, bear in mind that some malware strains can be evasive enough to avoid detection. You need to be aware of everything you install on your device.
Tread lightly around additional programs
Finally, reading a voice message or completing any other kind of activity on WhatsApp doesn’t require the installation of additional programs. None of the things you can do on the WhatsApp platform require third-party programs. So stay away from sites and emails that require this step from you.
Having mentioned some of the fundamental features of the latest WhatsApp malware, now you know what to stay away from when it comes to suspicious emails. Moreover, going over the red flags and using some or all the tips and tricks above will help you stay safe online. So make sure to implement them!
DevX's Best Security Products of 2023
|Link to Purchase
|Blink Outdoor 3 Camera System
|Ring Video Doorbell 4
|Ring Alarm Pro
|Camera System and Router
|Ring Car Cam