WhatsApp: Nivdort malware hits messaging app users through phishing scam


INNOCENT USERS of messaging service WhatsApp have been drawn into the phishing net of gits who want a piece of the action and are looking to spread malware.

The internet is a pond surrounded by phishermen with an array of tools at their disposal. If it is online and has user accounts it has probably been phished. This week it is again the turn of photo sharing thing WhatsApp and its share-and-share-alike users.

We have the Comodo Antispam Labs to thank for the alert, and from the sounds of things the firm should know what it’s talking about. People are being hit with emails that look good and friendly but are bad and intrusive. The emails make it look like the recipient has had some sort of notification from a contact (this is presumably the grease that keeps WhatsApp WhatsAppening) and asks them to indulge in some form of harmful activity.

“As part of a random phishing campaign, cyber criminals are sending fake emails representing the information as official WhatsApp content to spread malware when the message is clicked on,” said Comodo.

“The emails are being sent from a rogue email address, disguised with an umbrella branding of WhatsApp, but if users look at the actual ‘from’ email address, they will see it is not from the company. In order to spread the rogue malware and infect computers, the cyber criminals are using multiple subject lines.”

Those lines look weird to us, but what do we know? Here are a couple of examples: ‘A sound announcement has been received sqdw’ and ‘You have a video announcement. Eom’. The clues to their scam status are the three- to five-character gibberish at the end of the line and the non-official ‘from’ email address.

The payload is delivered in a zip file (remember people, don’t go clicking on everything that comes your way) and leads to malware problems of the Nivdort variety. Comodo reckons that this is a sophisticated attack from a maturing industry. 
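The clues described above (a WhatsApp display name on a non-official 'from' address, a three- to five-character token at the end of the subject line, and a zip attachment) can be checked mechanically. The sketch below is an added example, not code from Comodo or the original article; the sample messages, the allow-listed domain and the small word list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"whatsapp.com"}  # assumed allow-list of genuine sender domains
# Assumed tiny word list so ordinary short last words are not flagged.
COMMON_WORDS = {"code", "new", "now", "here", "you", "chat", "call", "today"}
SUFFIX_RE = re.compile(r"(?:^|[\s.])([A-Za-z]{3,5})\s*$")  # trailing 3-5 letter token

# Constructed sample messages (not captured mail); the attachment body is a placeholder.
PHISH = """\
From: "WhatsApp" <notify@mail.example.net>
Subject: A sound announcement has been received sqdw
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new notification.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="message.zip"

placeholder
--b1--
"""
BENIGN = 'From: "Alice" <alice@example.org>\nSubject: Lunch today\n\nSee you at noon.\n'

def indicators(raw):
    """Return the page's phishing clues that are present in one raw message."""
    msg = message_from_string(raw)
    found = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    official = any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)
    if "whatsapp" in display.lower() and not official:
        found.append("brand-spoof")  # WhatsApp display name, foreign domain
    m = SUFFIX_RE.search(msg.get("Subject", ""))
    if m and m.group(1).lower() not in COMMON_WORDS:
        found.append("gibberish-suffix")
    if any((p.get_filename() or "").lower().endswith(".zip") for p in msg.walk()):
        found.append("zip-attachment")
    return found

def is_suspect(raw):
    """Require the spoofed brand plus at least one supporting clue."""
    hits = indicators(raw)
    return "brand-spoof" in hits and len(hits) >= 2
```

The suffix check on its own is weak, which is why `is_suspect` only treats it as supporting evidence alongside the mismatched sender domain.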

“Cyber criminals are becoming more and more like marketers, trying to use creative subject lines to have unsuspecting emails clicked and opened to spread malware,” said Fatih Orhan, director of technology for Comodo Antispam Labs.

“As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cyber criminals, protect and secure endpoints, and keep enterprises and IT environments safe.”

Source – http://www.theinquirer.net/inquirer/news/2441220/whatsapp-nivdort-malware-hits-messaging-app-users-through-phishing-scam