WhatsApp users, watch out! The cybercriminal(s) behind the most recently profiled campaigns impersonating T-Mobile and Sky have just launched yet another malicious spam campaign, this time targeting WhatsApp users with fake “Voice Message Notification/1 New Voicemail” themed emails. Once unsuspecting users execute the fake voicemail attachment, it attempts to drop additional malware on their PCs. The good news? We’ve got you (proactively) covered.
Sample screenshot of the spamvertised email:
Detection rate for the malicious attachment: MD5: 0458a01e42544eacf00e6f2b39b788e0 – detected by 31 out of 48 antivirus scanners as Trojan.Win32.Sharik.qhd
Once executed, the sample creates the following Registry Keys on the affected hosts:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sewwe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sewwe\ShellNew
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\shell\print
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\shell\print\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\shell\printto
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\S6.Document\shell\printto\command
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\S6
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\S6\Settings
It then attempts to download additional malware from the well-known C&C server at networksecurityx.hopto.org.
Webroot SecureAnywhere users are proactively protected from this threat.
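The registry keys and C&C host listed above can be turned into a hunt over endpoint telemetry. The following is an added example, not part of the original post or of any Webroot tooling; the event format (`host`, `type`, `value`), the sample events and the host names are constructed, and treating `HKCR` paths as `HKLM\SOFTWARE\Classes` is a simplifying assumption.

```python
import re
from collections import defaultdict

# Indicators copied from the post above.
C2_HOST = "networksecurityx.hopto.org"
KEYS = [
    r"HKLM\SOFTWARE\Classes\.sewwe",
    r"HKLM\SOFTWARE\Classes\S6.Document",
    # The parent "Local AppWizard-Generated Applications" key is the default
    # for MFC wizard-generated programs in general, so only the S6 subkey counts.
    r"HKCU\Software\Local AppWizard-Generated Applications\S6",
]
# Hive spellings differ between tools; HKCR is treated as HKLM\SOFTWARE\Classes.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_CLASSES_ROOT": r"HKLM\SOFTWARE\Classes",
         "HKCR": r"HKLM\SOFTWARE\Classes"}

def normalize(path):
    """Fold hive spellings, per-user SIDs and case so log formats compare equal."""
    path = re.sub(r"^(HKU|HKEY_USERS)\\S-1-[0-9-]+", "HKCU", path.strip(), flags=re.I)
    hive, sep, rest = path.rstrip("\\").partition("\\")
    return (HIVES.get(hive.upper(), hive) + sep + rest).lower()

WATCH = [normalize(k) for k in KEYS]

def hunt(events):
    """Return {host: sorted indicators seen} for hosts that touched any indicator."""
    hits = defaultdict(set)
    for ev in events:
        if ev["type"] == "reg":
            path = normalize(ev["value"])
            for key in WATCH:
                if path == key or path.startswith(key + "\\"):
                    hits[ev["host"]].add(key)
        elif ev["type"] == "dns" and ev["value"].rstrip(".").lower() == C2_HOST:
            hits[ev["host"]].add("dns:" + C2_HOST)
    return {host: sorted(found) for host, found in hits.items()}

# Constructed sample events (not taken from a real log).
APPWIZ = r"\Software\Local AppWizard-Generated Applications"
SAMPLE = [
    {"host": "pc-01", "type": "reg", "value": r"HKCR\.sewwe\ShellNew"},
    {"host": "pc-01", "type": "reg", "value": r"HKU\S-1-5-21-1-2-3-1001" + APPWIZ + r"\S6\Settings"},
    {"host": "pc-01", "type": "dns", "value": "NetworkSecurityX.hopto.org."},
    {"host": "pc-02", "type": "reg", "value": "HKEY_CURRENT_USER" + APPWIZ},
    {"host": "pc-02", "type": "dns", "value": "www.whatsapp.com"},
]

if __name__ == "__main__":
    print(hunt(SAMPLE))
```

A host that shows several of these indicators together is a stronger lead than one that shows a single key.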
Ok so I actually got a fake WhatsApp email and they used one of my phone contacts so it looked like it was from her. I click on the sender and it takes me to her contact information on my phone.
I have a voicemail on my WhatsApp and I don’t know how to check it. Can you please email those steps to me please?
Please reach out to WhatsApp Support directly for assistance with their Product:
https://www.whatsapp.com/contact/
Share good information very helpful.
thanxx for sharing a great post!!
Thanks a lot for this very, very important information about the fake voicemail notification on WhatsApp. Cyber criminals always do something like this, but thank god for the websites and the technology geeks who always make us aware of these attacks and stuff.
Thanks again
I get one of these two or three times a week… I keep blocking them but they just keep springing up again… I feel like I am in a never ending conflict with the scammers…!