A scam for whatsapp it has already claimed tens of thousands of victims around the world. According to researchers at Armobloxa company specializing in IT security, the fraud would have affected at least 28,000 people.

The scam takes advantage of WhatsApp popularity, but moves via email Victims are approached by criminals with an email with a catchy title: “New incoming voice messageTo be clear, WhatsApp never reaches its users via email, but a less experienced person could easily fall into the trap.

The fraudulent email was sent to more than 28,000 email addresses, Armoblox researchers explain.

The body of the email quite convincingly replicates the WhatsApp formatcomplete with an unmistakable player for i voice messages Just clicking on the latter will redirect the user to a malicious site.

By visiting the site, the user risks downloading a Trojanthanks to a JavaScript Exploitation “Once the malicious site is opened, the user is further tricked with a screen asking them to confirm that they are not a robot,” the cybersecurity experts explain.

By just clicking the check mark, the user infects the computer with what is called in slang payload The malware is designed to steal sensitive user information such as passwords stored in the browser.

The fraudulent email campaign was made possible through the use of a legitimate email domain accredited by Google and Microsoft. It is about ‘mailman.cbddmo.ru‘, a speech by the Moscow Region Road Safety Center, an organization controlled by the Ministry of Internal Affairs of the Russian government.

For this reason, the emails sent by the criminals managed to bypass the security measures of providers like Gmail and were not blocked by spam filters and phishing attempts. The researchers did not understand how the hackers could gain control of the domain. Of course, it can be ruled out that the attack sees the Kremlin’s complicity.


Source: Lega Nerd

Previous articleXbox Series X, Microsoft’s trick to secure more supplies
Next articleGoogle removes apps that stole data from millions of Android devices in apparent cyberspying case

LEAVE A REPLY

Please enter your comment!
Please enter your name here