The ESET laboratory confirmed that it received several reports of a message arriving through WhatsApp that invites users to access new colors for the social network with just one click. The security company analyzed what lies behind this deception, which seeks to fill the phone with advertising.
As is common in this type of campaign, the link behaves differently depending on whether it is clicked from a mobile phone or from the WhatsApp Web application.
When the link is opened on a computer through WhatsApp Web, the user is invited to install a Google Chrome extension called Black Theme for WhatsApp, which will allow the application to be changed to a darker color. It was also observed that this message appears in Portuguese, unlike the original Spanish message, which may be a sign that the campaign originally sought victims in Brazil and that only some key messages were translated.
This extension can be found in the Chrome Web Store and has a large number of downloads, which gives an idea of the magnitude of the campaign.
If an unsuspecting user installs the extension and opens a WhatsApp Web session, a message inviting recipients to change the colors of the application is automatically sent to the user's entire list of active chats.
The extension includes messages to send in different languages, along with the different components that make up the message, including the image. It also contains several URLs that can be attached to the message, which is assembled randomly as messages are sent.
Even if the user identifies what is happening and closes the web browser window, the action does not stop, since the phone itself sends the messages.
This particular functionality demonstrates the strategies attackers use to propagate this type of campaign quickly and effectively and thus achieve a greater reach: the message gets to all of the victim's contacts even though the victim never consciously shared it.
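A defender-side check for the behaviour described above, as an added example that is not part of ESET's analysis: it lists installed Chrome extensions whose manifest grants them access to WhatsApp Web. It assumes the extension reaches the page through standard manifest grants (content scripts or host permissions), which the article does not detail; the function names and the sample extension ids are made up.

```python
import json
import re
import tempfile
from pathlib import Path

TARGET = "web.whatsapp.com"
MATCH = re.compile(r"^(?:\*|https)://(\*|(?:\*\.)?[^/*]+)/")  # https-capable schemes only

def covers_target(pattern, host=TARGET):
    """True if a Chrome match pattern grants access to https pages on host."""
    if pattern == "<all_urls>":
        return True
    m = MATCH.match(pattern)
    pat = m.group(1) if m else None
    if pat and pat.startswith("*."):     # *.example.com also matches example.com
        return host == pat[2:] or host.endswith(pat[1:])
    return pat in ("*", host)

def whatsapp_access(manifest):
    """Manifest keys that let the extension run on or reach WhatsApp Web."""
    grants = {key: manifest.get(key, []) for key in ("permissions", "host_permissions")}
    grants["content_scripts"] = [p for s in manifest.get("content_scripts", [])
                                 for p in s.get("matches", [])]
    return [key for key, patterns in grants.items()
            if any(isinstance(p, str) and covers_target(p) for p in patterns)]

def audit(extensions_dir):
    """Map extension id -> findings for <id>/<version>/manifest.json files."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            found = whatsapp_access(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError):    # unreadable or non-JSON manifest: skip it
            continue
        if found:
            report[path.parts[-3]] = found
    return report

def demo():
    # Constructed manifests; the extension ids are made up for this example.
    samples = {"theme_ext": {"content_scripts": [{"matches": ["https://web.whatsapp.com/*"]}]},
               "broad_ext": {"permissions": ["tabs", "<all_urls>"]},
               "notes_ext": {"permissions": ["storage"], "host_permissions": ["https://example.org/*"]}}
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            path = Path(root, ext_id, "1.0_0", "manifest.json")
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps(manifest), encoding="utf-8")
        return audit(root)
```

Point `audit()` at a Chrome profile's `Extensions` directory; the result is the short list of extensions able to act inside a WhatsApp Web session, which still has to be reviewed one by one.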
On the other hand, if the link is opened in the usual way from a mobile phone, a message appears asking the user to share the application with 30 friends or 10 groups before being able to change the colors.
Similarly, even if the user does not share it with their contacts and tries to move forward, the application asks them to download an APK called best_video.apk and to enable notifications from a server located in Russia. If the potential victim allows the above, the mobile phone will be infected with a Trojan from a family that spreads adware among Android users.
The application is installed on the device but leaves no evidence of its installation, since the icon is hidden and it is only active when the user begins to browse, displaying ad group banners associated with different legitimate advertising services; it is not obvious to the user that the device's resources are being used for this type of activity.
"When it comes to guarding against such threats that use social engineering strategies, trying to tempt the user to access a link with an attractive promise, as in this case customizing your WhatsApp, what you always have to remember is the premise of never accessing links that reach us by any digital means, even when they reach us through a known contact," says Camilo Gutiérrez, head of the ESET Research Laboratory in Latin America.
In these cases, the first thing to do is verify the veracity of the link, for example by checking with the contact who sent the message (in this case, the WhatsApp color change) whether it is something they shared consciously or whether they were a victim of the scam and sent it unintentionally, helping it spread. In addition, it is essential to have a security solution installed on the phone that raises an alarm when links or downloads of potentially malicious content are present.