We’ve just intercepted a currently circulating malicious spam campaign impersonating WhatsApp — yet again — in an attempt to trick its users into thinking that they’ve received a voice mail. Once socially engineered users execute the malicious attachment found in the fake emails, their PCs automatically join the botnet operated by the cybercriminal(s) behind the campaign.

Sample screenshot of the spamvertised malicious email:


Detection rate for the spamvertised attachment: MD5: 41ca9645233648b3d59cb52e08a4e22a – detected by 10 out of 47 antivirus scanners as TrojanDownloader:Win32/Kuluoz.D.

Once executed, it phones back to:


We’re also aware of the following malicious MD5s that are known to have phoned back to the same C&C servers as well:
MD5: 4014d1ee9e038b312dfcebf58f84968f
MD5: b82c2a96c5b3deccb46825507026ec39
MD5: 210096af9d8049bf3bae51d000c2ab76
MD5: e1b68d32e92bddb356a9917ea8e07e83
MD5: a5fb88ee735eab458bcbff287e36d590
MD5: c8b9b6e0a3257130e5842dd0840577c9
MD5: 38fc3178363b9d16174cc1565745d57f
MD5: bf5bdca7ef67b9c85a4413a8126ecb22
MD5: 53e568fe21ef96918853bc8404fef458
MD5: 3471d59f6f99f5676714cfac595e2aad
MD5: 91ade7d94244104d8cd6fc26be839c62
MD5: 40cb1f0111b4f4c8136404d4d351ceb5
MD5: 9c122673e98a487f8cd65746f03237aa
MD5: 7d53d47982fd62a37009b9a3e5fad42f
MD5: 2226cf5ead414b156e0b8b99f761ef83

Webroot SecureAnywhere users are proactively protected from these threats.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This