WHATSAPP FOR PC IS NOW AVAILABLE, claims a Brazilian spam message targeting users with a disguised Trojan via a download link.
Uncovered by security firm Kaspersky, the Trojan downloader is disguised as an advert with an embedded link and attempts to trick PC users into downloading the malware. The message says that WhatsApp for the PC is "finally available" and that the recipient already has 11 pending invitations from friends in his or her account.
Kaspersky said that if the victim does click on the link, it won't offer them WhatsApp messaging PC client software, but instead will lead them to a hacked server in Turkey before redirecting them to a Hightail (Yousendit) account to download the initial Trojan, which in the system looks like a 64-bit installation file.
"This downloader has some anti-debugging features like UnhandledExceptionFilter() and RaiseException() and once running, it downloads a new Trojan that is [a] banker itself," wrote Kaspersky security researcher Dmitry Bestuzhev in a company blog post.
"This time the malware comes from a server in Brazil and has a low VT detection 3 of 49. The recently downloaded banker has the icon of an mp3 file. Most users would click on it, especially after seeing it is about 2.5Mbps in its weight."
Once running, the malware reports itself to the cyber criminals' infection statistics console and, once it has opened local port 1157, sends stolen information in the Oracle DB format. It also downloads new malware onto the system, with some samples being up to 10MB in size.
Kaspersky said that this is "classic style" Brazilian-created malware and warned users to "stay alert" when they see ads with embedded links. If it seems too good to be true, it probably is. µ