WhatsApp. Image: ximgs/Shutterstock
A new scam doing the rounds in Ireland purports to be from WhatsApp, so take a moment before clicking on suspicious links.
Cybersecurity company ESET has revealed a new scam circulating Ireland, whereby unwitting users receive emails from an account pretending to be legitimate WhatsApp correspondence.
Within the email, entitled ‘Missed voicemail’, there is a link to play a supposed audio message.
There is very little else to the email, with ESET’s screengrab showing how bare this attempt to spread malware really is.
“But don’t let curiosity get the better of you,” warned Urban Schrott, IT security and cybercrime analyst at ESET Ireland, adding that clicking on the link will instigate the download of a Trojan.
This Trojan is JS/Kryptik.BBC, which the company traces back to a piece of malware first found in August last year.
“JS/Kryptik is a generic detection of malicious obfuscated JavaScript code embedded in HTML pages that usually redirects the browser to a malicious URL or implements a specific exploit,” said Schrott.
“The first instances of this sort of malware go back as far as 2011. The email address this attack comes from is associated to a domain registered in USA.”
An example of the email that claims to be from WhatsApp. Image: ESET Ireland
ESET, as usual, advocates for “extreme caution” when unsolicited emails such as these land in inboxes. The Trojans within can expose computers to several types of malware, even stretching into the flavour of the month in cybersecurity: ransomware.
Pat Larkin, CEO of Ward Solutions, recently explained how the general air of silence around subsequent ransomware attacks, whereby businesses or individual parties pay the ransom and keep quiet, is only feeding this particular frenzy.
“Ransom prices could increase significantly for the price of their silence,” Larkin warned.
Therefore, scams – amateur or otherwise – pretending to come from services such as WhatsApp should be treated with absolute caution.
“Rather than impulsively clicking a link in an unverified email claiming it’s from WhatsApp, log in to your WhatsApp account the standard way instead and check for any messages there,” advised Schrott.
