Warnings have been issued advising anyone who receives an email about a new WhatsApp voicemail message to disregard it, as it could well be the latest WhatsApp scam email currently doing the rounds. This new scam is particularly dangerous.
The WhatsApp scam email is forming part of an attack on businesses and consumers, and will lead to Nivdort malware being installed onto the device used to read the email.
Security experts at Comodo found the WhatsApp scam email and have said that the malware contained in the email attachment has been designed to affect users of Android phones and iPhones, as well as Mac and PC users.
The WhatsApp scam email appears to have been sent by WhatsApp, although there are a few tell-tale signs that the WhatsApp scam email is not authentic. WhatsApp will not broadcast messages to a user’s email account, but will only inform users of a missed call or voicemail message using the app itself. However, many of the 900 million users of the chat software program will not be aware of that.
The email includes the imagery normally associated with the Facebook-owned messaging platform, but a review of the sender’s address will show that this email has not been issued from WhatsApp. The email also includes a zip file attachment. Opening the zip file will lead to malware being downloaded onto the device used to open the attachment.
The hackers are sending out multiple variants of the email with alternative subject lines. Each subject line also includes a string of three, four, or five randomly generated characters after the message, such as “xgod” or “Ydkpda”.
The subject lines in some of the scam emails have been listed here:
If you receive any email from WhatsApp you should proceed carefully. You should never open an email attachment from any person you do not recognize, and must be particularly careful with .zip files. If in doubt, delete the email and remove it from your deleted email folder.
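The signs described above (WhatsApp branding on a message whose sender address is not WhatsApp's, a zip attachment, and a short run of letters appended to the subject) can be checked automatically at a mail gateway. The following is an added example, not code from Comodo or from the original article; the `whatsapp.com` allow-list, the indicator names, and the sample messages and subjects are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: genuine WhatsApp mail would originate from this domain.
LEGIT_DOMAINS = ("whatsapp.com",)
# Short run of letters at the end of the subject. The article says three to
# five characters; six is allowed so its "Ydkpda" sample also matches.
SUFFIX_RE = re.compile(r"\s[A-Za-z]{3,6}$")

def indicators(msg):
    """Return the set of lure indicators present in an EmailMessage."""
    found = set()
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", "")).strip()
    # Branding appears in the display name or subject...
    branded = "whatsapp" in (display + " " + subject).lower()
    # ...but the actual sender address is on some other domain.
    genuine = any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)
    if branded and not genuine:
        found.add("brand_sender_mismatch")
    if any((p.get_filename() or "").lower().endswith(".zip")
           for p in msg.iter_attachments()):
        found.add("zip_attachment")
    if SUFFIX_RE.search(subject):
        found.add("subject_suffix")
    return found

def is_suspicious(msg):
    # The suffix pattern also matches ordinary short words, so it only
    # counts when the sender mismatch is present as well.
    hits = indicators(msg)
    return "brand_sender_mismatch" in hits and len(hits) >= 2

def sample(sender, subject, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("You have a new voicemail.")
    if attachment:
        m.add_attachment(b"PK", maintype="application", subtype="zip",
                         filename=attachment)
    return m

if __name__ == "__main__":
    lure = sample("WhatsApp <notify@mail.example>",
                  "New voicemail message xgod", "voicemail.zip")
    print(sorted(indicators(lure)), is_suspicious(lure))
```
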
Nivdort is a group of Trojans that collect data from the computers on which they are downloaded. In order to avoid being noticed, the malware is loaded into the Windows folder. The latest variant is installed to multiple system folders and also the registry. Even if identified by anti-virus software, it is possible that not all parts of the malware will be deleted. The malware may still receive commands and extract data from the infected computer.