Users of the world’s most popular instant messaging application are being warned to exercise due diligence before opening any emails that appear to have been sent from official WhatsApp accounts. A recently launched malware campaign is spoofing notifications from the messaging software in an attempt to convince recipients to download attachments containing executable files. These attachments are in the form of compressed zip files so it is not immediately apparent that they contain dangerous malware.
The subject lines of the emails being sent usually suggest that the recipient has a new voice notification or had a missed call, although new ones are being invented all the time. Some messages have subject lines indicating that they contain a link to a new video message or audio file that has been sent from a WhatsApp contact. Needless to say, none of these emails should be opened and if you do open one by mistake, under no circumstances should you click on any links it contains or download any attachments.
The fake WhatsApp notifications are a good example of the new trend in spam messaging that has seen those responsible look for more creative ways to reach their target audience. PayPal invoices, instant messaging notifications, and social media notifications have all been used to send malware to people across the globe. If you do have a missed call or voice message from a WhatsApp contact, you will of course be notified by the app itself so there is no need to pay attention to these emails.