Criminals used fake advertising links on WhatsApp Web to distribute Pix-stealing malware. The method became known as GoPIX and was warned by Kaspersky.
The strategy has been used since December 2022 and there are likely alleged victims. The attack consists of listing a malicious link among search results links on WhatsApp Web on Google and promising access to the messaging app. However, it invites the user to download a program that is actually malware.
According to Kaspersky, there are two links from which the malware can be downloaded. Each URL is bound to port 27275 on the user’s machine. If the port is open, a ZIP file containing the LNK file with the hidden script will be downloaded. However, if the port is closed, the user downloads an NSIS installer package (containing scripts).
This tactic is a way to bypass the Avast antivirus protection system, which is required to run online banking programs.
What is GoPIX?
According to Kaspersky, GoPIX is a clipboard hijacker malware that redirects Pix transactions to a malicious address.
Currently WhatsApp is available on PC in two ways: on the web and through the app. Although the app needs to be downloaded from Microsoft Store, the web version is only available on the messenger’s official website.
The web version of WhatsApp does not require any downloads from the user. Just have a compatible browser (e.g. Chrome, Edge or Opera), enter the link and access the account using the QR Code displayed on the screen.
Therefore, if you are asked to download something from WhatsApp Web, be wary of the site immediately.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
