Attention users! Fake Whatsapp updates will leave you nowhere
Malware masquerading as a WhatsApp update has the ability to access the banking apps stored elsewhere on your phone, experts have warned. There have been several cases reported of unsuspecting Android users trying to update the popular messaging app, but instead they have accidentally installed sneaky software that steals data. This follows reports of a separate piece of malware, also targeting WhatsApp users, that is spread using emails sent from criminals pretending to be from the Californian Company.
The malicious emails are sent with subject lines such as ‘an audio memo was missed’ or ‘You have a video announcement’ in order to entice people to click on the message and spread the malware. However, all of these messages end in random characters – such as ‘xgod’ or ‘Ydkpda’ that may be used to identify an unsuspecting recipient, according to security firm Comodo Labs. The messages themselves contain a compressed (zip) file harbouring the malicious software, which if clicked upon rapidly infects a computer’s file system and could be used by criminals to control the machine.
Fatih Orhan, director of technology for Comodo, warned: ‘Cybercriminals are becoming more and more like marketers, trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware. Dave Palmer, director of technology at Darktrace told MailOnline: ‘Tricking people into visiting hostile websites or open malicious documents is still an extremely common and successful means of hacking companies. ‘It is no surprise that attackers have moved from using email, Facebook and LinkedIn to popular messaging services like WhatsApp.’
The banking malware was revealed by, and affects the customers of, The Association of Banks in Singapore (ABS). It has warned its mobile banking users about a bogus WhatsApp update. The malware takes the form of a pop-up advert, which encourages people to click on it to download the new version of WhatsApp, or risk losing access to the messaging app. Of course the software has nothing to do with its Californian developers. Users who fall for the trick and download the fake ‘update’ are prompted to share confidential information with the devious cyber criminals behind it, such as their credit card details, which could be used to commit fraud.
The malware also steals data and sends details of mobile banking transactions, according to ABS. There is no news about whether money has successfully been stolen from people’s accounts using the scam yet. ‘ABS would like to remind mobile banking customers that smartphones are as susceptible to malware as desktop computers or laptops,’ Ong-Ang Ai Boon, director of ABS said. ‘Consumers are reminded to download applications only from trusted sources.’