WhatsApp attack: 'Tens of thousands' fall victim to Russian voice message ambush

Provided by Metro A WhatsApp phishing attack has been traced back to Russia (Credits: Getty)

A phishing attack designed to look like a WhatsApp voice message has already compromised tens of thousands of email accounts.

The tried-and-tested attack method appears to be a harmless email containing a link to a WhatsApp voice message.

But anyone clicking on the link is taken to a malicious website that attempts to install a virus on the victim’s device.

Cyber security researchers at California-based Armorblox report that nearly 28,000 mailboxes – across both Gmail and Microsoft’s Outlook program have been impacted by the ambush.

More worryingly, the company says the email attack comes from a valid Russian-based domain.

The experts say the ‘mailman.cbddmo.ru,’ domain is associated with an organisation known as the ‘Center for Traffic Safety of the Moscow Region’ – which is a part of the Russian Ministry of Internal Affairs.

The phishing email contains the subject line ‘New Incoming Voicemessage’ and is supposedly from a WhatsApp Notifier function.

Provided by Metro The fake WhatsApp email containing a dangerous link (Credit: Armorblox)

The security researchers say that, although it looks authentic, it’s actually a trick.

‘Upon clicking the “Play” link in the email, recipients were redirected to a page that attempts to install a trojan horse JS/Kryptik,’ explained Lauryn Cash from Armorblox.

‘This is a malicious obfuscated JavaScript code embedded in HTML pages that redirects the browser to a malicious URL and implements a specific exploit.’

‘The Armorblox research team was able to observe this attack on multiple customer tenants across Office 365 and Google Workspace. The potential total attack exposure was close to 28K mailboxes.’

Targeting WhatsApp users and zeroing in on voice messages make sense given the staggering amount of users the service has.