A new malware campaign is aiming specifically at businesses and consumers using the WhatsApp mobile messaging service.
Uncovered by researchers at Comodo Labs the campaign uses emails masquerading as WhatsApp content. These have an attached zip file containing a malware executable.
The emails have a variety of subject lines including, “You have obtained a voice notification,” and “An audio memo was missed,” each followed by a short string of random characters which are probably used to identify the recipient.
If the zip file in the email is opened and executed, the malware is installed on the PC. It’s a variant of the ‘Nivdort’ family. When run it replicates itself into different system folders, as well as adding itself into an auto-run in the computer’s registry.
“Cybercriminals are becoming more and more like marketers – trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” says Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs. “As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cybercriminals, protect and secure endpoints, and keep enterprises and IT environments safe”.
More details of the attack are available on the Comodo blog.