A malware campaign specifically targeting businesses and customers using the WhatsApp messaging app has been uncovered.
Cybercriminals are sending emails that spread malware when clicked. Craftily disguised as genuine WhatsApp content, the emails contain an attached zip file with malware.
Comodo Antispam researchers first discovered the phishing scam, which uses a number of different email subjects, including “an audio memo was missed”, “you have obtained a voice notification”, and “you’ve recently got a vocal message” to lure victims to click:
“Cybercriminals are becoming more and more like marketers—trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” wrote Comodo’s director of technology Fatih Orhan in a blog post.
The messages appear real to users, because the rogue email address is disguised with an umbrella branding name “WhatsApp”.
WhatsApp, bought by Facebook for $19bn in 2014, currently has close to 1bn users worldwide.