WhatsApp users are once again targeted by malware peddlers, via messages that offer WhatsApp Gold, supposedly an enhanced version of the popular messaging app previously used only by “big celebrities.”
The alarm was raised by Action Fraud, the UK’s national reporting centre for fraud and cybercrime, but according to Tech Worm, users from India, Pakistan and Brazil have also been receiving the message.
The website to which the victims are directed has been taken down, but it’s easy for the scammers to set up new ones and simply change the URL in the message.
“After clicking on the link you will be redirected to a fake page and your Android device will become infected with malware,” Action Fraud warns. Other sources say that users must download the app themselves.
But whatever the process, it’s clear that the fake app is bad news for the victims.
This is not the first time that scammers have used the lure of an exclusive version of some popular app in order to trick users into downloading malware. In fact, in late 2014 a fake app of the exact same name turned out to be malware that sends out text messages to premium rate numbers.
“This type of scam has been around ever since email and instant messaging services were introduced,” commented Ryan O’Leary, Vice President of WhiteHat Security’s Threat Research Centre.
“Once the user clicks on the malicious link any number of attacks can be launched. Typically, they start by downloading malware onto the victim’s phone, which allows the attacker to intercept messages, calls and even look at personal information such as credit card numbers, social security numbers and phone numbers. The attacker could also load other malware such as viruses, trojans or rootkits,” he noted, and advised users to avoid clicking on any link contained in a message or email unless they are 100% sure of the legitimacy of the content.