Since WhatsApp announced the addition of its calling feature recently, it is no surprise to find others banking on this temporary craze to cash in on the unwary. Case in point:
click to enlarge
Congratulations!! You have been invited to try Whatsapp Calling!Invite your 10 Active Whatsapp Friends to Activate Whatsapp Calling
* As soon as you click on "Invite Now", your whatsapp will open and you can send invitation to any of your friends
* You'll have to invite minimum 10 active friends one by one
* You can click on "Continue" after inviting 10 friends to activate voice calling on Whatsapp
According to our friends at Panda Labs, who first spotted and wrote about this type of scam, smartphone users can unknowingly end up on the above page after they receive an invitation from another WhatsApp user: Hey, i am inviting you to whatsapp calling click here to activate now –> [URL redacted].
Same technique, different website. For this particular campaign we found, the URL is www[dot]whatsappvoiceplus[dot]com. Expect the URL and messaging to be tweaked again in the future.
We tested this campaign on a browser, which made it much easier to simulate the act of sending messages to random recipients. Clicking “Invite Now” opens a new browser tab with the following message syntax on the address bar.
whatsapp://send?text=Hey, i am inviting you to whatsapp calling click here to activate now --> [URL redacted]
The site counted that one opened tab as one message invite sent. This meant that opening nine more tabs would let us move forward to the next step. That is what we did:
click to enlarge
We weren’t surprised to see this after clicking “Continue”:
click to enlarge
Just one more step we promiseYou might be aware that WhatsApp is rolling out this feature to only a few selected users as of now because of lack of resources Please help us by filling up a simple survey so that we can soon make this feature available for everyone
Clicking “Take The Survey” loads up a survey page, which would either present a typical selection of survey questions, or give the WhatsApp fan a “not available in your region” message.
A similar spam campaign has been spotted targeting Arabic-speaking users:
click to enlarge
Elsewhere, we’ve seen files publicly shared by sites claiming to be either (1) an updated version of WhatsApp, (2) a cracked version of WhatsApp for rooted devices, or (3) a cracked version of WhatsApp with data. When you click buttons on the page to download, however, you’ll notice that the supposed APK file is actually an EXE.
click to enlarge
Malwarebytes Anti-Malware detects this particular file as PUP.Optional.MultiPlug.A.
A word of advice: Steer clear of all these and others like them.
Jovi Umawing