The CEO of WhatsApp, Jan Koum informed on January 21 that the very popular and well-known mobile application has a web client that can be used from Google Chrome which will enable users to retrieve all the conversations and messages from the mobile device.
Banking Trojan delivered in Brazil via Fake WhatsApp for web:
Attackers have formed new ways of invading computers. Although the CEO has said that the web client is simply a web page that is an exact copy of the original content that is still cached on the phone, hackers taken the advantage and have fooled users with fake downloads represented as a desktop variant of the app.
Users have been targeted all over the world, say security researchers from Kaspersky who have found a number of such examples online.
The researchers have noticed a seemingly genuine WhatsApp for Windows available for fake download that delivers Trojans to the target’s computer. There are various domains that have been established wherein some are active while some are waiting for their turn.
Fabio Assolini of Kaspersky also said that there has been another case where an unsuspecting user has been fooled to add a suspicious extension for Google Chrome shown as a simple messaging app.
Getting the phone number is sometimes the goal
There were other promising versions available for fake download for Spanish and Arabic language speakers guaranteeing the same user experience as on the mobile device.
Assolini also said that in some cases the attackers gated the coveted file by some form of a request such as entering the mobile number. Through this, the attacker would then be able to send spam or make the victims unknowingly subscribe to premium-rate services.
An unwanted message could also contain links to harmful web pages. These may be disguised by a link shortening service like Bit.ly or Goo.gl. The users are redirected to a page hosting the malware of a service to get subscription on when they launch the link.
In addition, the attackers have used a different trick wherein the landing page hosts a fake message that alerts the user of a possibly dangerous malware and then goes on to offer the user a phone number which they can use to talk to the support staff so as to fix the problem.
It is not known what are the incentives behind these messages and pages, however it is safer to access WhatsApp on the web from the official website; one may not want to simply pair the mobile device with the web browser, however, it is the most secure way to go about.
