Over the past two weeks, an email has been spreading online claiming that WhatsApp for PC is now available. The email contains a link which leads to a malware download that could damage desktop computers and laptops.
Russian based-online security vendor, Kaspersky Lab said that if the victim clicks on the link, it will lead him/her to a hacked server in Turkey and will then be redirected to a Hightail (Yousendit) account to download the initial Trojan, which in the system looks like a 64 bits installation file. In reality, it is a standard 32 bits app.
This downloader has some anti-debugging features(to make analysis harder) and once running, it downloads a new Trojan. This time the malware comes from a server in Brazil and has the icon of an mp3 file. Most users would click on it says Kaspersky Lab.
Once running, the malware reports itself to the cybercriminals’ infections statistics console and when open, a local port 1157 sends stolen information in the Oracle DB format. In addition, it downloads new malware into the system; some samples are 10Mb in size. This is the classic style of a Brazilian-created malware.
Kaspersky advises all users to be aware and not become a victim. Users are advised to instal an antivirus or Internet Security software and keep it up to date.
WhatsApp Messenger is a cross messaging platform for smartphones including Android, iOS, Windows Phone and BlackBerry. As of December 2013, there were 400 million WhatsApp users worldwide.