Sophisticated WhatsApp Malware Spam uses geo location, customized filename and much more

whatsapp spam message

WhatsApp is one of the widely used messaging platform in the recent days having both mobile and desktop app versions.  Its been normal to see spam voicemail messages from spammers which goes directly to spam folder. However some do escape the spam folder very easily and ends up in users hands.  The fate of the spam is decided by the user.

The recent ones have been very sophisticated where the users typically is asked to download a file to view the message or message asks to open a zipped file.  As per one of the post on SANS, the author describes a sophisticated spam where the user location  is used to downloaded the message and its name. This shows the level of sophistication

Here is an interesting lines from Johannes post on SANS

the part that I thought was the most interesting was the executable you are offered as you download the emails. The downloaded file is a ZIP file, and the file name of the included executable is adjusted to show a phone number that matches the location of the IP address from which the e-mail is downloaded from.

Downloading the message from my home in Jacksonville, I get: VoiceMail_Jacksonville_(904)458abcd.exe . On the other hand, downloading it from a server whose IP’s geolocation commonly shows up in Wayne PA , the file name changes to VoiceMail_Wayne_(610)458abcd.exe. I obfuscated the last four digits of the phone number, but the last four digits appear random.”

Pic source : isc2.sans.edu

 

Share Button
Tagged with 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>