Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    The popular messaging application WhatsApp recently made headlines when it was acquired by Facebook for a staggering $16 billion. Cybercriminals didn’t waste much time to capitalize on this bit of news: barely a week after the official announcement, we saw a spam attack that claims that a desktop version of the popular mobile app is now being tested.


    Figure 1. Screenshot of spammed message

    Our engineers found a spam sample that mentions Facebook’s purchase of WhatsApp, and also says that a version of WhatsApp is now available for users on Windows and Mac PCs. The message also provides a download link to this version, which is detected as TROJ_BANLOAD.YZV, which is commonly used to download banking malware. (This behavior is the same, whether on PCs or mobile devices.)

    That is the case here; TSPY_BANKER.YZV is downloaded onto the system. This BANKER variant retrieves user names and passwords stored in the system, which poses a security risk for online accounts accessed on the affected system. The use of BANKER malware, coupled with a Portuguese message, indicates that the intended targets are users in Brazil. Feedback from the Smart Protection Network indicates that more than 80 percent of users who have accessed the malicious site do come from Brazil.

    Although the volume of this spam run is relatively low, it is currently increasing. One of our spam sources reported that samples of this run accounted for up to 3% of all mail seen by that particular source, which indicates a potential spam outbreak.

    We strongly advise users to be careful of this or similar messages; WhatsApp does not currently have a Windows or Mac client, so all messages that claim one exists can be considered scams. Trend Micro protects users from this spam attack via detecting the malicious file and spam, as well as blocking the related web site.

    With additional analysis from Sabrina Sioting.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice