Be aware of WhatsApp phishing attack malware

The year 2016 has started with new types of phishing attacks. A recent study by Comodo warns that this malware specifically targets business users and consumers who use WhatsApp. WhatsApp is a multiplatform mobile phone messaging service that uses the mobile internet connection to contact and chat with other WhatsApp users.

In this type of phishing attack, criminals send fake emails that pose as official WhatsApp email. When the user opens or clicks one, it downloads the malware onto the user's device. The emails are sent from a rogue email address hidden under the umbrella of WhatsApp branding. When the IP address of the spam mail is examined closely, it is clear that the mail was sent from a fake address. Below is a screen grab of a rogue email:



To spread malware under the WhatsApp name, cyber criminals are using different subject lines, which are as follows:

  • You have obtained a voice notification xgod
  • An audio memo was missed. Ydkpda
  • A brief audio recording has been delivered! Jsvk
  • A short vocal recording was obtained npulf
  • A sound announcement has been received sqdw
  • You have a video announcement. Eom
  • A brief video note got delivered. Atjvqw
  • You’ve recently got a vocal message. Yop

Each subject line ends with a word such as “xgod” or “Ydkpda”; these words are probably used for encoding data. The malware attached to the email is from the “Nivdort” family, which replicates itself into different folders of the computer when it is clicked and adds itself to auto-run in the computer's registry.

How to be safe from this attack?

  1. Do not trust any display name.
  2. Look at the mail but do not click.
  3. Do not give your personal information to anyone.
  4. Always be cautious of a subject with an urgent or threatening message.
  5. Do not click email attachments.
  6. Check the “show original” option in the mail if you feel it is suspicious; below is a screenshot of Gmail's show original view.
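
Tips 1, 5 and 6, together with the subject pattern listed earlier, can be checked automatically against the raw message that “show original” exposes. The Python below is an added example, not code from the original post or from Comodo; the sample message, its domains, the `TRUSTED_DOMAINS` allow-list and the `indicators` function are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not a captured email; domains are placeholders.
SAMPLE = """\
From: WhatsApp <notify@mail.example.net>
To: user@example.com
Subject: You have obtained a voice notification xgod
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new voice message.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="message.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

TRUSTED_DOMAINS = {"whatsapp.com"}  # assumption: domains you accept for this brand
MEDIA_WORDS = re.compile(r"\b(voice|audio|vocal|sound|video)\b", re.I)
TRAILING_TOKEN = re.compile(r"\s([A-Za-z]{3,6})$")  # e.g. "xgod", "Ydkpda"

def indicators(raw):
    """Return the list of phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    found = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Tip 1: the display name claims the brand but the real address does not match.
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if "whatsapp" in display.lower() and not trusted:
        found.append("display-name-mismatch")
    subject = msg.get("Subject", "").strip()
    # Media-notification wording followed by a short trailing token (weak alone).
    if MEDIA_WORDS.search(subject) and TRAILING_TOKEN.search(subject):
        found.append("notification-subject-with-suffix")
    # Tip 5: any attachment on such a "notification" is suspect.
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        found.append("attachment")
    return found

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

The subject check is a weak signal on its own, since ordinary subjects can also end in a short word; treat a message as suspicious when it appears together with the display-name mismatch.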


Manish Dangol
