Malware peddlers have decided to bank on the popularity of the WhatsApp cross-platform IM app for smartphones in order to get users to install malicious apps on their devices, Trend Micro researchers warn.
The attack starts with a fake WhatsApp notification delivered via email, claiming that the user has received new voicemail:
Pressing the Play button will redirect users to different malicious sites depending on which device they use to view the email.
In the case of PC users, they will be taken to a site that warns them that they should download an update for their browser. Fortunately for them, the offered browser_update_installer.jar file is a Java file for the mobile version, and can’t do much damage on a PC.
iPhone users that haven’t jailbroken their devices are likewise safe, because the downloaded app can’t be installed from a source that isn’t Apple’s official app store.
Android users are obviously the primary target, as they are urged to download the browser_update_installer.apk file disguised as a browser named “Browser 6.5”.
When started, the “app” tries to make the user agree with the terms of the download to continue. Unfortunately, if they do that the app will send text messages to specific premium rate phone numbers, and will also try to convince them to download another app malicious app.