Hackers are taking advantage of the widespread popularity of the mobile messaging app 'WhatsApp'.
A malware expert at the Kaspersky Lab revealed a large-scale spamming campaign, advertising a fake PC version of the WhatsApp, to spread a banking trojan.
According to the report, unaware users have received an email written in Portuguese language, it also tries to deceive the recipient with a social engineering tactic in which hackers composed a malicious email informing that victims already have 11 pending friend invitations.
If users click on the Baixar Agora (Download Now) link in the spam email, they will be redirected to a Hightail.com URL to download the Trojan.
The file stored on Hightail server looks like a 64-bit installation file bundled with 2.5 megabyte MP3 file. According to Virus Total engine, only 3 out of 49 anti-malware softwares are able to detect it.
During execution of the malicious code, it communicates with the command & control servers to provide infection statistics and system console through the local port 1157. The Malware sends back the stolen information in the Oracle DB format. The malicious code is also able to download another payload on the infected system.
This isnt the first spam email campaign that abused the WhatsApp brand, hackers leveraged the service in the past November to push malware via email by tricking users into thinking they had a new voicemail message.
Pay attention to the links you click be safe
