
New malware attack targets WhatsApp users

A new malware campaign is aiming specifically at businesses and consumers using the WhatsApp mobile messaging service.

Uncovered by researchers at Comodo Labs, the campaign uses emails masquerading as WhatsApp content. Each has an attached zip file containing a malware executable.

The emails have a variety of subject lines including, "You have obtained a voice notification," and "An audio memo was missed," each followed by a short string of random characters which are probably used to identify the recipient.


If the zip file in the email is opened and the executable inside it is run, the malware is installed on the PC. It's a variant of the 'Nivdort' family. When run, it replicates itself into different system folders and adds itself to an auto-run entry in the computer's registry.
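The two traits described above (a lure subject ending in a short random token, and a zip attachment holding an executable) can be checked at the mail gateway. The following is an added example, not code from Comodo or from this article; the token pattern, the extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lures quoted in the article; the trailing-token pattern is an assumption.
LURES = ("You have obtained a voice notification", "An audio memo was missed")
SUBJECT_RE = re.compile(
    r"^(?:%s)\W*\s+[A-Za-z0-9]{2,8}$" % "|".join(map(re.escape, LURES)), re.I)
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def zip_executables(data):
    """Return names of executable-looking members inside a zip attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []

def triage(raw):
    """Check one raw RFC 822 message for the campaign's two traits."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") or payload[:4] == b"PK\x03\x04":
            hits += zip_executables(payload)
    # Subjects vary between messages, so the attachment content decides.
    return {"lure_subject": bool(SUBJECT_RE.match(subject)),
            "zip_executables": hits, "quarantine": bool(hits)}

def build_sample(subject, member):
    """Constructed test message: a zip attachment holding one dummy member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="voice_message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, member in [("An audio memo was missed. Qkzp", "memo.exe"),
                         ("Minutes of Monday meeting", "minutes.txt")]:
        print(subj, "->", triage(build_sample(subj, member)))
```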

"Cybercriminals are becoming more and more like marketers - trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware," says Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs. "As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cybercriminals, protect and secure endpoints, and keep enterprises and IT environments safe."

Dave Palmer, Director of Technology at Darktrace, commented: "Tricking people into visiting hostile websites or opening malicious documents is still an extremely common and successful means of hacking companies. It is no surprise that attackers have moved from using email, Facebook and LinkedIn to popular messaging services like WhatsApp.

"As digital business communications become more diverse and increasingly hard to secure, companies need an ability to spot in-progress attacks that are already inside their complex networks. This can only be achieved by using self-learning immune systems that can spot unusual behavior no matter how novel the attack method."

More details of the attack are available on the Comodo blog.
