Kaspersky Labs Warns against Downloading Malware that Disguises as WhatsApp for PC
It should be a common knowledge to all of us that malware now usually comes in the form of non-suspicious files to deceive users into downloading it. In many cases, seemingly legit files are downloaded, leading to compromising the user’s PC.
Kaspersky Labs has always been among the security experts that constantly warn online PC users against downloading and installing unfamiliar files into their machines. Now, the security vendor warns users against downloading and installation of what is supposed to be a PC version of WhatsApp, the popular mobile app.
The company has issued a warning that emails are now spreading online. That goal of those messages is clear: to claim that WhatsApp for desktop is now available. At the same time, those malicious email messages usually disclose that the unsuspecting potential victim already has numerous invitations from his friends in the account.
The moment the given link is clicked, the user turns into an instant victim, but it would take some time before he realizes the blunder. Upon clicking of the link, the online user/victim would be directed to a hacked server located in Turkey. The user would then be referred to and redirected to account of Hightail, which would be required to download initial batches of Trojan. The system remains looking like a typical 64-bit installation file.
The malware involved has been found to infuse a new type of Trojan into the desktop PC. Once it gets there, it would instantly target the banking data of customers.
This special malware has been found to be coming directly from Brazil. The recently downloadable file at times also adopts the mp3 file icon. Perhaps that could be again part of the scheme to deceive and eventually defraud unsuspecting online users.
Kaspersky further warned that the new malware may have anti-debugging features that could make analysis harder. Once the malware is up and running, it could report itself into the infections statistics console of cybercriminals.
When the file is opened, there would be a local port 1157. It would then send stolen information into the Oracle DB format. Additionally, the new malware downloads utilize up to 10Mb size of files. Many analysts noted that this is a type of practice within the industry. It is also clarified as the classic style of malware that is especially created.