02-27-2014 10:33 AM - edited 02-27-2014 10:35 AM
The potentially harmful cocktail of malware poses as a tool that claims to be able to "grab" the messages of any WhatsApp user, and promises to help you "find out if your spouse is cheating on you, etc."
The scurrilous hackers are also using widespread low confidence in WhatsApp's security protocols in order to snare users. The site, registered at hxxp://whatsapp-hack.in, claims in broken English that "Due to the low security WhatsApp applies to their servers, we can get it and extract easy any conversation."
It also reassures users that "While you are using you are 100% protected, your victims will not see any changes or suspect behaviour on their acount."
Sound tempting? Well hold on a minute – the site does mention one catch: "They are constantly patching our exploits so do not forget to update."
That's where users get caught out. Once downloaded, the ostensible WhatsApp exploit shows the following message: "WhatApp patched this version. Click OK to start update."
Already two alarm bells should be ringing:
WhatsApps is misspelled "WhatApp"
There is no cancel button.
As you've probably guessed, hitting OK runs another executable, called update.exe.
If not connected to the Internet, the file will crash at that point. Otherwise, users see an installer that requires them to install Mobogenie, a potentially unwanted program (PUP) that various monetisation programs to bundle with third party installers, and an irritating browser extension called DefaultTab, along with other PUPs that work together to clog up affected computers.
Helpful Webroot Links: