Avira researchers recently came across a spam campaign using e-mails that claim to come from the WhatsApp messaging service and state, “You have a new voicemail,” “1 New Voicemail,” or “4 New Voicemails.”
The e-mails include a “Play” button which redirects the user to a URL where a file, purportedly the voice message, is offered for download.
If the user accepts the download, malware is delivered instead — Avira detects the file as TR/Kuluoz.A.27. Microsoft reports that the Kuluoz Trojan is designed to steal passwords and other confidential data from the victim’s computer.
“This social engineering technique has started to be used because the WhatsApp is getting more and more media attention due to their free business model (the iOS version is now also free for the first year),” Avira security expert Sorin Mustaca wrote in a blog post warning of the scam.