Soft2Secure

WhatsApp update message virus in Android phones

Mobile content providers stick with a business model where people sign up for their services and get subsequently charged for this on a weekly or monthly basis. Such a modus operandi is legal, moreover, lots of subscribers are satisfied because they thus get access to various entertainment platforms, news feeds, weather forecasts and the like. Meanwhile, the criteria of user consent and informed decision are critical in this activity otherwise a campaign gets on a slippery slope. This is the kind of a twist that’s happening in the fake WhatsApp update scenario. The people using said messenger on Android smartphones and tablets have been lately receiving deceptive alerts stating that the app is out of date and recommending an urgent upgrade. As per preliminary security analysis, this phony notification is generated by an Android virus that contaminates gadgets during third-party application installs.

The fake “Upgrade WhatsApp Now” warning is currently displayed to subscribers living in the Netherlands, so it’s in Dutch. Here is the English translation of this message:

In case the suggested button is clicked, the user gets redirected to a phishing page hosted at downland.whatsapap.com – note the deliberate misspellings in the domain name that look like ‘download’ and ‘whatsapp’ but in fact aren’t. The confirmation box says: “Attention! WhatsApp will expire today. Press OK to continue.” Be advised that’s a malicious site that has nothing to do with the authentic version of the product, so stay away from it.

What the linked-to page is tailored for is harvesting mobile numbers that are supposed to be entered in there for confirmation of the upgrade. Along with the phone number mining, the fraudsters are also leveraging this service in order to rip off everyone who falls for the scam: there is an allusion to a weekly fee of 12 EUR. This pitfall is mentioned in small font so that people simply overlook it. The footnotes contain further details, including a way to opt out of the service – the user needs to send an SMS with the text “STOP” to 3555. The deactivation might be accompanied by failures, though.

There is also a similar ongoing fraud that peddles a nonexistent program called ‘WhatsApp Without Internet”, which allegedly allows chatting offline. The web page involved in this particular assault is WhatsAppNoData.com. The user verification phase of this attack results in invitations being sent to 12 active friends, thus increasing the number of those fooled. Overall, the WhatsApp update message virus and copycat infections are trying to exploit this popular communication platform in several ways. It’s strongly recommended to install and update software using the official resources only. In the case of Android, it’s Google Play. Doing so will keep bad code away and safeguard the customer’s identity. No ratings yet.