Tuesday, 18 April 2017

WhatsApp trojan infection - warning

ESET Ireland warns Irish WhatsApp users not to click on an email that claims it’s from WhatsApp, but in reality, spreads a trojan infection.

A dangerous email spam message is dropping into Irish mailboxes, pretending to come from WhatsApp. Its subject says “Missed voicemail” and the content of the mail just says “New voicemessage” and has a link called “Play”.

But don’t let curiosity get the better of you, because clicking on the link will begin the download of a trojan that ESET detects as “JS/Kryptik.BBC”, a variant of malware first detected in August 2016. JS/Kryptik is a generic detection of malicious obfuscated JavaScript code embedded in HTML pages that usually redirects the browser to a malicious URL or implements a specific exploit. The first instances of this sort of malware go back as far as 2011. The email address this attack comes from is associated to a domain, registered in Massachusetts, USA.

ESET Ireland recommends extreme caution when it comes to such emails, as trojan infections can expose the computer to ransomware, that ends up locking your files and demands a ransom of several hundred Euros. Rather than impulsively clicking a link in an unverified email claiming it’s from WhatsApp, log in to your WhatsApp account the standard way instead and check for any messages there.

The full story is available on ESET Ireland’s official blog.