Hackers Pretend To Be Your Friend In The Latest WhatsApp Scam.

A new alert has been issued by WhatsApp, warning users of a scam that makes it hard to spot a malicious message given that it appears to come from a friend in your contact list. This WhatsApp security scam works by attackers sending users a text on their smartphone, followed by a message on WhatsApp from a friend in their contact list. This friend then asks the user to share the code with them that they have received on their smartphone. Once the user shares the code with the friend, scammers can easily hack their WhatsApp, leaving them logged out of their own WhatsApp account.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Burak Agca
Burak Agca , Security Engineer
InfoSec Expert
April 9, 2021 11:50 am

<p>This incident reflects how easy it is for attackers to acquire users\’ first factor of authentication, username and password. Messaging apps present a number of challenges to individuals and corporate data security. The rise of significant data breaches across high profile organisations is providing threat actors with vast pools of user accounts to exploit via phishing attacks on messaging apps using those stolen credentials. Added to that, we see seismic events like the pandemic driving mobile device usage, and high profile incidents such as the personal information of members of Parliament from the UK Conversative party app in recent years, further exacerbating the issue.</p> <p> </p> <p>iOS and Android devices have harboured a significant security gap in recent years, which creates a lack of protection against users being exposed to malicious links across emails, web pages, apps, as well as in SMS and WhatsApp. That gap led to a proliferation of surveillanceware delivered via exploitation of messaging server infrastructure, chained with mobile app and operating system vulnerabilities, resulting in a catastrophic failure in the onboard security measures in place. On average 40% of versions of WhatsApp used by enterprises are vulnerable. That represents a significant gap in mobile security where patch management solutions focussed on mobile devices are not in place.</p> <p> </p> <p>In addition, there are third-party App stores where modified apps such as WhatsApp++ can be obtained often free of charge. Although apps like WhatsApp++ often offer attractive additional functionality such as increased media message limits, these apps have not been vetted by Apple or Google prior to publication. They often contain adware, riskware, chargeware, or worse still surveillance or spyware.</p> <p> </p> <p>It is imperative that individuals and organisations keep their mobile operating systems and apps up to date. Vulnerable versions of apps and OS on the same device, coupled with this kind of campaign, can lead to a breach of data without any visibility to the organisation using them, further justifying the need for the same levels of protection we have expected on traditional PCs. With modern cybersecurity tools, teams can build policies that limit access to corporate data and cloud resources if the user has a vulnerable app on their device. This level of visibility and access moderation is key to a strong security posture.</p>

Last edited 1 year ago by Burak Agca
1
0
Would love your thoughts, please comment.x
()
x