Security News > 2022 > April > Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found.

Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and Google Workspace accounts using emails sent from domain associated with the Center for Road Safety, an entity believed to reside within the Moscow, Russia region.

Those tactics include social engineering by eliciting trust and urgency in the emails sent to victims; brand impersonation by spoofing WhatsApp; the exploitation of a legitimate domain from which to send the emails; and the replication of existing workflows, i.e. getting an email notification of a voice message, Cash explained.

Potential victims of the campaign receive an email with the title "New Incoming Voice message" that includes a header in the email body reiterating this title.

The email body spoofs a secure message from WhatsApp and tells the victim that he or she has received a new private voicemail, including a "Play" button so they allegedly can listen to the message.

The average person often falls for online scams if they are familiar with the social-media platform claiming to be the message sender," James McQuiggan, security awareness advocate at security firm KnowBe4, wrote in an email to Threatpost.

News URL

https://threatpost.com/attackers-whatsapp-voice-message/179244/