WhatsApp is a very popular cross platform mobile messaging App. The beauty of WhatsApp is that it saves users plenty of money due to low usage of internet and at the same time giving them realtime chat options with their near and dear ones. Another fact that helps WhatsApp is that it is free to use for the first year and thereafter it costs just a $0.99 or Rs.60.00 odd for full year. In fact it is so very popular that most people using PC and mobile would love to have WhatsApp on both their mobiles and PCs. Those who dont have smart phones or have old phones not supporting WhatsApp also would like WhatsApp on their phones.
But the problem is that WhatsApp doesnt make PC versions and whatever versions that are being offered as WhatsApp for Windows are a sure shot invitation to the hackers to install malware on your personal computer. Kaspersky Blog has said that hackers are sending mails to induce users to visit their sites by offering them WhatsApp for Windows and making them download trojans which then lets the users PC be controlled remotely by the hackers.
The above message is in Portuguese but the hackers are sending such messages in other languages too. The gist of the message is simple. It states that WhatsApp for PC is finally available and that the recipient already has 11 pending invitations from friends in his account. The message then has following body with a clickable hyperlink
The unknowning users then clicks the link which which takes the user to a hacked server in Turkey and will then be redirected to a Hightail (Yousendit) account to download the initial Trojan, which in the system looks like a 64 bits installation file as below but is in fact a 32 bit downloader Application which installs a downloader file with a low Virus Threat definition index in most Anti-Virus Applications available in market.
Once installed it downloads a even worse trojan which in itself is a anti debugger and written in Delphi XE5 from Embarcadero conceals itself with a mp3 file icon.
Once the master malware is up and running, it connects the victims PC to the hackers console and begins transmitting data through local port 1157. It sends information from your PC to the hackers in Oracle DB format. The Trojan also downloads new malwares into your system in addition to itself. The new files downloaded are typically 10MB or more in size. Kaspersky claims that its AV finds the Trojan through heuristics.
Do remember, as of now WhatsApp is not available for Windows. If you want WhatsApp on your PC you can install it through Bluestacks or other 3rd party Android emulator for Windows. Read this post for registering your WhatsApp through Bluestacks