Scams, PUPs Target Would-be WhatsApp Voice Users

Since WhatsApp announced the addition of its calling feature recently, it is no surprise to find others banking on this temporary craze to cash in on the unwary. Case in point:

[Image: whatsapp-scam]

Congratulations!! You have been invited to try Whatsapp Calling!

Invite your 10 Active Whatsapp Friends to Activate Whatsapp Calling

* As soon as you click on "Invite Now", your whatsapp will open and you can send invitation to any of your friends

* You'll have to invite minimum 10 active friends one by one

* You can click on "Continue" after inviting 10 friends to activate voice calling on Whatsapp

According to our friends at Panda Labs, who first spotted and wrote about this type of scam, smartphone users can unknowingly end up on the above page after they receive an invitation from another WhatsApp user: "Hey, i am inviting you to whatsapp calling click here to activate now --> [URL redacted]".

Same technique, different website. For this particular campaign we found, the URL is www[dot]whatsappvoiceplus[dot]com. Expect the URL and messaging to be tweaked again in the future.

We tested this campaign in a browser, which made it much easier to simulate the act of sending messages to random recipients. Clicking “Invite Now” opens a new browser tab with the following message syntax in the address bar.

whatsapp://send?text=Hey, i am inviting you to whatsapp calling click here to activate now --> [URL redacted]

The site counted that one opened tab as one message invite sent. This meant that opening nine more tabs would let us move forward to the next step. That is what we did:

[Image: ten-tabs]

We weren’t surprised to see this after clicking “Continue”:

[Image: take-the-survey]

Just one more step we promise

You might be aware that WhatsApp is rolling out this feature to only a few selected users as of now because of lack of resources Please help us by filling up a simple survey so that we can soon make this feature available for everyone

Clicking “Take The Survey” loads up a survey page, which would either present a typical selection of survey questions, or give the WhatsApp fan a “not available in your region” message.

A similar spam campaign has been spotted targeting Arabic-speaking users:

[Image: WhatsApp-scam-Arabic]

Elsewhere, we’ve seen files publicly shared by sites claiming to be either (1) an updated version of WhatsApp, (2) a cracked version of WhatsApp for rooted devices, or (3) a cracked version of WhatsApp with data. When you click buttons on the page to download, however, you’ll notice that the supposed APK file is actually an EXE.

[Image: download-site]

Malwarebytes Anti-Malware detects this particular file as PUP.Optional.MultiPlug.A.
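
A content check catches the mismatch described above, where a download advertised as an APK is really a Windows executable. This is an added example, not code from the original post; the function names are hypothetical, and the file names and sample bytes are constructed.

```python
import io
import struct
import zipfile

def sniff_type(data: bytes) -> str:
    """Classify a download by content, ignoring its name: 'pe', 'apk', 'zip' or 'unknown'."""
    # Windows PE: 'MZ' DOS header; e_lfanew at offset 0x3C points at 'PE\0\0'.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    # APK: a ZIP archive with AndroidManifest.xml at its root.
    try:
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "apk" if "AndroidManifest.xml" in zf.namelist() else "zip"
    except zipfile.BadZipFile:
        pass  # looked like a ZIP but the central directory is corrupt
    return "unknown"

def check_download(advertised_name: str, data: bytes) -> tuple[str, bool]:
    """Return (actual_type, ok); ok is False when content contradicts the extension."""
    actual = sniff_type(data)
    ext = advertised_name.rsplit(".", 1)[-1].lower() if "." in advertised_name else ""
    expected = {"apk": "apk", "exe": "pe"}.get(ext)
    return actual, expected is not None and actual == expected

def make_sample_pe() -> bytes:
    # Constructed stub: just enough header for the check, not a runnable program.
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00"

def make_sample_apk() -> bytes:
    # Constructed archive with a placeholder manifest, built in memory.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed file name; the post does not give the real one.
    print(check_download("WhatsApp_update.apk", make_sample_pe()))
    print(check_download("WhatsApp_update.apk", make_sample_apk()))
```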

A word of advice: Steer clear of all these and others like them.

Jovi Umawing
