New spamming campaign has been observed by TrendMicro that is targeting WhatsApp users. The spam is very similar to notifications been sent by WhatsApp that include link to the voice email recorded in case that some one wanted to leave a voice message for you. in order to play the recorded message victim needs to click on the “play” button which obviously leads to a malicious website.
The website directly alert visitors that they are using an outdated browser so they need to download and install updates. For windows users they are going to download browser_update_installer.jar a java application that is detected as J2ME_SMSSEND.AF while on Android recommended upgrade by cybercriminal is browser_update_installer.apk that is ANDROIDOS_OPFAKE.CTD malware.
Email Screenshot by TrendMicro
Malicious application will open an .HTML file bundled with it and next it will sends several SMS to list of phone numbers. Apple users are not affected by this attack because iOS allows application to be installed only over App Store.
The way in this type of attack that it select the right malware to several mobile platform. So attackers just spread their malicious spam and they will infect all type of smartphone if victims are not having the proper protection. If you have received a similar message verify the source of the email and never click hyperlinks. Install Security software on your smartphone to protect your system against frauds and threats.