That WhatsApp voice message may be a phishing scam

Android and iOS versions of WhatsApp, with app icon
(Image credit: TechRadar)

An unknown threat actor is impersonating WhatsApp over email in an attempt to bait victims into installing a trojan, cybersecurity researchers have warned.

According to a report from Armorblox, the attackers have targeted close to 30,000 endpoints to date, across the healthcare, education and retail sectors, and also managed to bypass Microsoft and Google email security filters.

The report states that the fraudulent emails are coming from the ‘mailman.cbddmo.ru’ domain, which seems to be associated with a government institution in the Moscow region. It is possible, the researchers note, that the attackers exploited a deprecated version of the parent domain to send the phishing emails.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> <a href="https://project.tolunastart.com/s/Cy37RiA" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

Fake voicemail

The contents of the email itself revolve around a fake WhatsApp voice message. The victim will receive an email saying they’ve received a new private voicemail, and if they want to listen to it, they should click on the Play button provided. Pressing the button redirects the victim to a page that tries to install the JS/Kryptik trojan. 

“This is a malicious obfuscated JavaScript code embedded in HTML pages that redirects the browser to a malicious URL and implements a specific exploit,” the report reads.

After landing on the page, the victim would need to confirm they are “not a robot”, and clicking on the “allow” popup, researchers suggest, could install the malicious payload.

JS/Kryptik can steal sensitive information stored within the browser, such as passwords, the researchers went on to explain.

As usual, all users are warned not to click on links or download attachments from emails that come “out of the blue”, or from suspicious addresses. Email is still the most popular attack vector for threat actors, so users are advised to stay vigilant.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.