Fake WhatsApp for Web offered in the wild

Cybercriminals are offering worldwide a fake WhatsApp for Web in spam campaign with the intent to serve banking malware and run other kinds of scams.

Recently WhatsApp launched its web service that could be used by using Google Chrome and allows users to access all the conversations and messages from the mobile device.

“Our web client is simply an extension of your phone: the web browser mirrors conversations and messages from your mobile device — this means all of your messages still live on your phone.” reads the company announcement.

The cyber criminals have tried to exploit the news by proposing a fake WhatsApp for web in a spam campaign.

According to the experts from the Kaspersky Lab, criminal crews fooled victims all over the world with fake downloads represented as a desktop variant of the popular mobile app.

The researchers have spotted numerous cases in which criminals were offering a fake WhatsApp for Web to spread financial malware.

“Fake downloads appeared in several languages and countries, and now there is a real product out there the fraudsters have returned to their old attacks, dressed them up in new clothes and sent them on the prowl for new victims.” wrote Fabio Assolini from Kaspersky Lab.

Assolini explained that Kaspersky has discovered many domains used by criminals to host their malware, some of them already exploited for scams, others waiting for further uses.

The researchers spotted many other unofficial desktop versions of the fake Whatsapp for web offered to Arabic and Spanish users as the new legitimate version of the popular messaging system.

In some cases, the cyber criminals requested victims to submit their mobile phone number in order to download the fake Whatsapp for web, by collecting such kind of information the attacker would run spam campaigns or make the victims unknowingly subscribe to premium-rate services.

Mobile phishing and mobile spam are increasing in a significant way, it is quite easy to receive unwanted messages that could be sued to spread malicious links pointing to harmful web pages.

Pierluigi Paganini

(Security Affairs –  fake Whatsapp for web, cybercrime)