WhatsApp for Windows a sure fire invitation to malware, hackers spreading malware through WhatsApp for Windows

WhatsApp is a very popular cross platform mobile messaging App. The beauty of WhatsApp is that it saves users plenty of money due to low usage of internet and at the same time giving them realtime chat options with their near and dear ones. ย Another fact that helps WhatsApp is that it is free to use for the first year and thereafter it costs just a $0.99 or Rs.60.00 odd for full year. In fact it is so very popular that most people using PC and mobile would love to have WhatsApp on both their mobiles and PCs. ย Those who dont have smart phones or have old phones not supporting WhatsApp also would like WhatsApp on their phones.

WhatsApp for Windows a sure fire invitation to malware, hackers spreading malware through WhatsApp for Windows

ย 

ย 
But the problem is that WhatsApp doesnt make PC versions and whatever versions that are being offered as WhatsApp for Windows are a sure shot invitation to the hackers to install malware on your personal computer. ย Kaspersky Blog has said that hackers are sending mails to induce users to visit their sites by offering them WhatsApp for Windows and making them download trojans which then lets the users PC be controlled remotely by the hackers.

WhatsApp for Windows a sure fire invitation to malware, hackers spreading malware through WhatsApp for Windows
The above message is in Portuguese but the hackers are sending such messages in other languages too. ย The gist of the message is simple. ย It states thatย ย WhatsApp for PC is finally available and that the recipient already has 11 pending invitations from friends in his account. ย The message then has following body with a clickable hyperlink
WhatsApp for Windows a sure fire invitation to malware, hackers spreading malware through WhatsApp for Windows
The unknowning users then clicks the link which which takes the user to a hacked server in Turkey and will then be redirected to a Hightail (Yousendit) account to download the initial Trojan, which in the system looks like a 64 bits installation file as below but is in fact a 32 bit downloader Application which installs a downloader file with a low Virus Threat definition index in most Anti-Virus Applications available in market. ย 
ย 
WhatsApp for Windows a sure fire invitation to malware, hackers spreading malware through WhatsApp for Windows
Once installed it downloads a even worse trojan which in itself is a anti debugger and written inย Delphi XE5 from Embarcadero conceals itself with a mp3 file icon.
ย 
Once the master malware is up and running, it connects the victims PC to the hackers console and begins transmitting data through local port 1157. ย It sends information from your PC to the hackers in Oracle DB format. ย The Trojan also downloads new malwares into your system in addition to itself. ย The new files downloaded are typically 10MB or more in size. ย Kaspersky claims that its AV finds the Trojan throughย heuristics.
ย 
Do remember, as of now WhatsApp is not available for Windows. If you want WhatsApp on your PC you can install it through Bluestacks or other 3rd party Android emulator for Windows.ย 

Read More

Suggested Post