Source: https://cobaltstrike.net/2022/04/05/fake-whatsapp-voice-messaging-feature-spreads-infostiler/
Armorblox specialists have warned about a new phishing campaign, during which attackers fake the WhatsApp voice message function in order to distribute data theft software. The infostealer was sent to at least 27,655 email addresses.
The malicious campaign takes the victim through several stages, and as a result, she installs malware on her device that allows attackers to steal her credentials.
The ability to send voice messages to groups and in person has been present in the WhatsApp messenger for many years. Last week, the function received some updates, which the scammers did not fail to take advantage of.
The victim receives an email notification allegedly from WhatsApp about receiving a new voice message. The notification has a built-in “Play” button and an audio track indicating the duration of the audio recording.
The sender, disguised as the Whatsapp Notifier service, uses the email address of the Moscow Region Traffic Safety Center. Since the address is genuine, notifications are not blocked by email security mechanisms.
When the victim clicks on the “Play” button, she is redirected to the site distributing the JS/Kryptic Trojan. The user allegedly has to confirm that he is not a robot by clicking on the “Allow” button. After clicking on the button, malware is downloaded to his system.