Connect with us

Hi, what are you looking for?

Tech & Science

WhatsApp phishing campaign attempting to spread malware

Malicious emails, texts and phone calls have grown into a vehicle for targeted attacks.

WhatsApp blocks 2 million Indian users over messaging violations
WhatsApp has more than 400 million users in India - Copyright AFP/File Leo RAMIREZ
WhatsApp has more than 400 million users in India - Copyright AFP/File Leo RAMIREZ

A new WhatsApp phishing campaign attempting to spread information-stealing malware to over 27,000 email addresses through voice message feature manipulations has just been discovered.

The phishing attack has the ability to bypass email spam filters and then it unleashes malware on victims’ computers. The threat is higher and the hack is easier to infect those devices without antivirus software installed.

Looking into the issue for Digital Journal Josh Rickard, Security Automation Architect at Swimlane.

Rickard  begins his analysis by considering the nature of the attack, noting: “Phishing attacks are one of the most common methods of cyberattacks and, unfortunately, have become all too easy for cybercriminals to leverage.”

In terms of how this form of attack works, he continues: “ These types of social engineering attacks that exploit human error are highly effective and well-masked. In this case, WhatsApps’s voice message feature was manipulated in an attempt to spread information-stealing malware to over 27,000 email addresses associated with the app.”

Rickard also notes that businesses continuously face a barrage of these types of malicious threats: “Gone are the days when phishing was a single act targeting a specific individual. Today, malicious emails, texts and phone calls have grown into a vehicle for targeted attacks against entire organizations.”

There also resource issues, says Rickard: “Many SecOps teams do not have the bandwidth, time-tested processes or the data to properly investigate suspicious communications. Luckily, advancements in cybersecurity are easing the burden.”

As to what these solutions are, Rickard continues: “Versatile platforms that have the ability to centralize detection, response and investigation protocols into a single, streamlined process allow security teams to gain the visibility needed to properly mitigate threats, including those related to phishing, in real time.”

Rickard’s remaining recommendations are: “Leveraging low-code security automation organization-wide makes implementing these features extremely easy, ultimately enabling security and IT teams to more effectively defend against advanced attacks.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

What do you guys think the expression “useless morons” means?

Sports

For those seeking to snap up a ticket, it is important to know how to spot fake tickets, verify sellers, and safeguard the purchase.

Business

The US Department of Justice filed a major antitrust lawsuit Thursday seeking to break up an alleged monopoly in the live music industry.

Tech & Science

A defensive approach is no longer sufficient. Water facilities must implement a proactive cybersecurity defense to effectively mitigate cyber threats.