Spoofed Whatsapp site delivers polymorphic SMS Trojan

The more popular an online service or an app is, the more likely this popularity will be misused by cyber crooks to trick users into downloading malware or sharing personal and financial information.

The rising popularity of the Whatsapp instant messaging service is a perfect example, as cyber criminals around the world are constantly setting up schemes misusing the service’s good standing.

The latest example, spotted by Malwarebytes’ researchers, comes in the form of a website offering the app to Russian-speaking users.

The site is a spoof of the service’s official site, and looks pretty convincing. It apparently offers versions of the app for iOS, Android, Nokia, Windows Phone, and Blackberry.

In this case only users with devices running Android are in danger, as the offered app is actually an Android SMS Trojan. Once installed on the device, the malware starts sending pricy text messages to a premium rate number.

“The Trojan itself has been around for a while, but the malware authors are serving up polymorphic files, which change with each visit,” the researchers noted.

“The changes involve strings like the package name and java classes. The overall code and data flow remains the same. This tactic isn’t necessarily aimed at the user, but to avoid detection by AV vendors.”