The Comodo Antispam Labs (CASL) team has identified a new malware attack targeted specifically at businesses and consumers who might use WhatsApp, a multi-platform mobile phone messaging service that uses your phone’s Internet connection to chat with and call other WhatsApp users.
As part of an indiscriminate phishing campaign, cybercriminals are sending fake emails dressed up as official WhatsApp notifications; the malware is delivered when the attached “message” is opened.
The emails are sent from a rogue address whose display name is branded “WhatsApp,” but users who look at the actual FROM email address will see that it is not from the company.
In order to spread the rogue malware and infect computers, the cybercriminals are using multiple subject lines:
- You have obtained a voice notification xgod
- An audio memo was missed. Ydkpda
- A brief audio recording has been delivered! Jsvk
- A short vocal recording was obtained npulf
- A sound announcement has been received sqdw
- You have a video announcement. Eom
- A brief video note got delivered. Atjvqw
- You’ve recently got a vocal message. Yop
Each subject ends with a set of random characters such as ‘xgod’ or ‘Ydkpda’. These probably encode some data, such as an identifier for the recipient(s).
The attachment is a compressed (zip) file in which a malware executable resides. The malware is a variant of the “Nivdort” family. It usually copies itself into several system folders and adds an auto-run entry for itself in the computer’s registry.
Once the zip file in the email is opened and the executable inside it is run, the malware is released onto the computer.
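The three tells described above (a “WhatsApp” display name on an unrelated sender domain, a voice/audio/video notification subject with a random trailing token, and a zip attachment carrying an executable) can be turned into mail-gateway triage rules. The following is an added example, not Comodo’s or CASL’s code; it assumes `whatsapp.com` as the only legitimate sender domain, uses a short, assumed list of executable extensions, and builds its own constructed sample messages so it runs offline.

```python
"""Triage rules for the WhatsApp-themed lure described above (added example)."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Assumption: the legitimate sender domain; adjust to your own allow-list.
LEGIT_DOMAINS = {"whatsapp.com"}

# Vocabulary the lure subjects in the post are built from ("voice notification",
# "audio memo", "video announcement", ...). One media word followed by one
# message word is treated as a notification-style lure.
MEDIA_WORDS = r"(?:voice|vocal|audio|sound|video)"
MESSAGE_WORDS = r"(?:notification|memo|recording|message|note|announcement)"
LURE_RE = re.compile(rf"\b{MEDIA_WORDS}\b.*\b{MESSAGE_WORDS}\b", re.IGNORECASE)

# Trailing token: a 3-8 letter word after the sentence's closing punctuation
# (or just a space), like "xgod" or "Ydkpda" in the post.
TRAILING_TOKEN_RE = re.compile(r"[.!?]?\s+([A-Za-z]{3,8})\s*$")

# Assumed list of extensions treated as executable content inside a zip.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def sender_mismatch(msg):
    """True when the display name says WhatsApp but the address domain does not."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return "whatsapp" in name.lower() and domain not in LEGIT_DOMAINS


def lure_subject(subject):
    """True for a media-notification subject with an unexplained trailing token."""
    if not LURE_RE.search(subject):
        return False
    m = TRAILING_TOKEN_RE.search(subject)
    if not m:
        return False
    token = m.group(1).lower()
    # A trailing word that belongs to the lure vocabulary itself is not a token.
    return not re.fullmatch(
        rf"{MEDIA_WORDS}|{MESSAGE_WORDS}|delivered|obtained|received|missed", token)


def zip_with_executable(msg):
    """True when any attachment is a zip archive containing an executable file."""
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload or not payload.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            continue
        if any(n.lower().endswith(EXECUTABLE_EXT) for n in names):
            return True
    return False


def triage(raw):
    """Return the names of the indicators present in a raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    if sender_mismatch(msg):
        hits.append("sender_mismatch")
    if lure_subject(msg.get("Subject", "")):
        hits.append("lure_subject")
    if zip_with_executable(msg):
        hits.append("zip_with_executable")
    return hits


def build_sample(from_hdr, subject, zip_member):
    """Construct a sample message carrying a zip with one empty, harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zip_member, b"")  # empty placeholder, not a real program
    msg = EmailMessage()
    msg["From"] = from_hdr
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("You have a new message. See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="message.zip")
    return msg.as_bytes()


# Constructed samples modelled on the post: one lure and one ordinary mail.
LURE = build_sample('"WhatsApp" <notify@mail-example.invalid>',
                    "An audio memo was missed. Ydkpda", "audio_memo.exe")
BENIGN = build_sample('"Alice" <alice@example.com>',
                      "Minutes from today's meeting", "minutes.txt")

if __name__ == "__main__":
    print(triage(LURE))    # ['sender_mismatch', 'lure_subject', 'zip_with_executable']
    print(triage(BENIGN))  # []
```

Each rule on its own produces false positives (a genuine "New voice message from Alice" trips the subject rule), which is why a gateway policy should act on the combination, for example quarantining only when two or more indicators fire, and log single hits for analyst review.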
The Comodo Antispam Labs team identified the WhatsApp email through IP, domain and URL analysis.
“Cybercriminals are becoming more and more like marketers – trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs. “As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cybercriminals, protect and secure endpoints, and keep enterprises and IT environments safe.”
The Comodo Antispam Labs team is made up of more than 40 IT security professionals, ethical hackers, computer scientists and engineers, all full time Comodo employees, analyzing and filtering spam, phishing and malware from across the globe. With offices in the U.S., Turkey, Ukraine, the Philippines and India, the CASL team analyzes more than 1 million potential pieces of phishing, spam or other malicious/unwanted emails per day, using the insights and findings to secure and protect its current customer base and the at-large public, enterprise and Internet community.
If you feel your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact the security consultants at Comodo: https://enterprise.comodo.com/contact-us.php
A screen grab of a rogue email has been captured below: