Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Fake WhatsApp for Web offered in the wild

Cybercriminals are offering worldwide a fake WhatsApp for Web in spam campaign with the intent to serve banking malware and run other kinds of scams. Recently WhatsApp launched its web service that could be used by using Google Chrome and allows users to access all the conversations and messages from the mobile device. “Our web client is […]

Fake WhatsApp for Web offered in the wild

Cybercriminals are offering worldwide a fake WhatsApp for Web in spam campaign with the intent to serve banking malware and run other kinds of scams.

Recently WhatsApp launched its web service that could be used by using Google Chrome and allows users to access all the conversations and messages from the mobile device.

“Our web client is simply an extension of your phone: the web browser mirrors conversations and messages from your mobile device — this means all of your messages still live on your phone.” reads the company announcement.

The cyber criminals have tried to exploit the news by proposing a fake WhatsApp for web in a spam campaign.

According to the experts from the Kaspersky Lab, criminal crews fooled victims all over the world with fake downloads represented as a desktop variant of the popular mobile app.

The researchers have spotted numerous cases in which criminals were offering a fake WhatsApp for Web to spread financial malware.

“Fake downloads appeared in several languages and countries, and now there is a real product out there the fraudsters have returned to their old attacks, dressed them up in new clothes and sent them on the prowl for new victims.” wrote Fabio Assolini from Kaspersky Lab.

Assolini explained that Kaspersky has discovered many domains used by criminals to host their malware, some of them already exploited for scams, others waiting for further uses.

fake whatsapp for web spams

The researchers spotted many other unofficial desktop versions of the fake Whatsapp for web offered to Arabic and Spanish users as the new legitimate version of the popular messaging system.

fake whatsapp for web spams2

In some cases, the cyber criminals requested victims to submit their mobile phone number in order to download the fake Whatsapp for web, by collecting such kind of information the attacker would run spam campaigns or make the victims unknowingly subscribe to premium-rate services.

fake whatsapp for web mobile

Mobile phishing and mobile spam are increasing in a significant way, it is quite easy to receive unwanted messages that could be sued to spread malicious links pointing to harmful web pages.

Pierluigi Paganini

(Security Affairs –  fake Whatsapp for web, cybercrime)