How To: Avoid Malware in WhatsApp

Iamge source: Flickr Jan Persiel

Every once in a while someone from your contacts would send you spam. Not willingly or intentionally. Some people are just that naive as to believe every piece of malicious joke they receive, and spread it with the dedication worthy of a better purpose. Find out about the new and the most widespread methods the hackers use to spread malware via WhatsApp. With its nearly a billion users base, no wonder WhatsApp is the constant target of all sort of malicious perpetrators.

You have received a voice notification

The most recent WhatsApp scam was discovered by the security company Comodo. It’s a malware attack that comes via email phishing. The attack targets business people or any user who does online banking from their smartphone. The message comes as an email, not WhatsApp message, and tries to convince the victim to click on a link embedded in the email. The letter is masterfully disguised as an official email from the company, and the subject varies with the ultimate purpose to convince the user to tap and open the email. In most cases it reads something along the lines, “You have received a voice notification” or “You have an audio recording pending.” The body contains the text and an image designed to provide the most credibility to the email, complete with a zip that supposedly contains the voice recording you have missed on WhatsApp.

You have obtained a voice notification xgod
An audio memo was missed. Ydkpda
A brief audio recording has been delivered! Jsvk
A short vocal recording was obtained npulf
A sound announcement has been received sqdw
You have a video announcement. Eom
A brief video note got delivered. Atjvqw
You’ve recently got a vocal message. Yop

Image source: https://blog.comodo.com/malware/whatsapp-new-malware-attack/
Image source: Comodo Blog

If you should receive the similar email, report it to Google as spam. First of all, remember you used your phone number to register with WhatsApp, so the company has no reason to email you. Besides, whenever you have messages pending, you see them in your WhatsApp chat while the notifications are displayed in the notifications bar.

The zip contains an executable file of a malware type that replicates itself into several system directories, and is specifically dangerous if you open it from your computer. Comodo did not specify what happens if you open it from your Android or iOS device, so we assume it’s installing a virus or sending out your personally identifiable information to the rogue server. Some suggest it can even lock you out of your device.

Emoji

Some tech-savvy teen discovered you could crash someone’s WhatsApp on mobile and in desktop browser if you send them 4400 smileys.

WhatsApp Spam Chain Messages

WhatsApp is shutting down, or it will charge you unless you send this text to at least 13 contacts and the like – remember, if the message sounds like Tarot reading or some woo-doo mumbo-jumbo, it probably is scam. WhatsApp does not and never did require its users to send chain messages to all their contacts, or else… it will de-activate your account or charge you money. It’s common sense, but surprisingly huge numbers of people buy it.
Pay attention to the wording and the Grammar of these messages, if you have any doubts. Most will contain all sorts of errors, and claim they’re from the company owner. The message may contain whatever gibberish the spammers come up with – that WhatsApp is experiencing an overload and there are too many users, so it will shut down your account unless you re-send this message to all your contacts.

Another popular spam message that circulates WhatsApp for years is that it starts charging its users $0.37 per message, unless you forward the message to 9+ contacts of yours within the next 48 hours. Folks, not only WhatsApp charges once per year, it recently dropped its annual fee and went all-gratis for everyone.

The best solution here is to explain to whoever sent you this that the message is a hoax and they need to stop forwarding it because they contribute to the spamming avalanche.

Read what WhatsApp has to say about these messages.

Fake WhatsApp installers

You can run WhatsApp on an Android tablet that does not have a sim card slot by simply installing an apk and going through the verification process that sends you an SMS. The latter contains a web link, so once you manually enter that link in your default Android browser, the WhatsApp app identifies your device as the one linked to your registered phone number. You can do this using any Android emulator, if you so wish to have the app on your desktop, if the web browser version is not enough. However, this also opens an way for users to download fake versions of WhatsApp. To avoid this scam, never download WhatsApp installers from unverified resources. In other words, there are only as many resources that provide you with the official app – WhatsApp’s website, Google Play store, iTunes, Amazon and Windows Phone. Never should you download a WhatsApp apk by following a link you receive in your email from supposedly WhatsApp.

Want to spy on someone’s WhatsApp?

Before you set out on a hacking spree against your vicious ex, you should probably know the majority of apps that claim to help you spy on someone’s WhatsApp contain malware. So, it’s you who will end up leaking the private data. So, forget about pretending to be a hacker.

Premium Accounts

Certain users spread spam messages via social networks claiming you can have a premium account with WhatsApp that offers better UI, elegant gold themes and super emoji. Click on the link, pay $40 for a gold edition and understand you’ve just been fooled.

You won a lottery

A gift card or lots of money from your deceased uncle in Africa. You also need to invest in some stock, urgently. Let’s face it, you did not win a lottery. Nor do you have a rich uncle in Africa. And filling out a survey form to win an IKEA gift card won’t get you the gift card. All you get is an identity theft. If you should receive any survey request that allegedly comes from McDonald’s, IKEA, Starbucks or any other big company, head over to their official website and check if there’s a bonus program in process, indeed, and if yes, how do the companies deliver these surveys. No reputable company has any business asking for your sensitive data via WhatsApp, according to Welivesecurity ESET’s blog.

whatsapp scam 1
Image source: ESET blog

How to steer clear of scams?

  • First of all, do you deal with any of your services via WhatsApp? Like, Walmart, bank, gym, Starbucks? If the answer is no, don’t expect any legitimate messages coming from them. If you do receive any, double-check with the company official website.
  • Second, WhatsApp has no business asking for your personal information via email or surveys.
  • If a message claims something terrible will happen to your account unless you forward it to X number of your contacts, it’s a scam. WhatsApp does not contact you via the app. At most, you can receive a notification.
  • Do not disclose your device’s IMEI or Mac – should you disclose it to a shady service, someone now in possession of your device’s IMEI can hack into your WhatsApp account.

If you came across any other scam scheme that circulates WhatsApp, share the knowledge with us in the comments below!