Fake "new voicemail" notification targets Android WhatsApp users
Posted on 16.09.2013
Malware peddlers have decided to bank on the popularity of the WhatsApp cross-platform IM app for smartphones in order to get users to install malicious apps on their devices, Trend Micro researchers warn.

The attack starts with a fake WhatsApp notification delivered via email, claiming that the user has received new voicemail:


Pressing the Play button will redirect users to different malicious sites depending on which device they use to view the email.

In the case of PC users, they will be taken to a site that warns them that they should download an update for their browser. Fortunately for them, the offered browser_update_installer.jar file is a Java file for the mobile version, and can't do much damage on a PC.

iPhone users that haven't jailbroken their devices are likewise safe, because the downloaded app can't be installed from a source that isn't Apple's official app store.

Android users are obviously the primary target, as they are urged to download the browser_update_installer.apk file disguised as a browser named “Browser 6.5”.

When started, the "app" tries to make the user agree with the terms of the download to continue. Unfortunately, if they do that the app will send text messages to specific premium rate phone numbers, and will also try to convince them to download another app malicious app.









Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //