We’ve just intercepted a currently circulating malicious spam campaign impersonating WhatsApp — yet again — in an attempt to trick its users into thinking that they’ve received a voice mail. Once socially engineered users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal(s) behind the campaign.
Sample screenshot of the spamvertised malicious email:
Detection rate for the spamvertised attachment: MD5: 41ca9645233648b3d59cb52e08a4e22a – detected by 10 out of 47 antivirus scanners as TrojanDownloader:Win32/Kuluoz.D.
Once executed, it phones back to:
We’re also aware of the following malicious MD5s that are known to have phoned back to the same C&C servers as well:
Webroot SecureAnywhere users are proactively protected from these threats.