Analysis by: Chloe Ordonia

Cybercriminals are always on the heels of anything popular, anything that can hook users. In this spammed message, cybercriminals use WhatsApp, an instant messaging app available for iOS and Android. Do not be duped by this message as the sender (From field) is forged. The spammed message poses as a notification of a new voicemail and provides a link to play it. Users who click on the link are redirected to a malicious site that is in the Russian language.

The malicious site alerts the recipient that the browser being used is outdated and provides a link wherein the user can download and update their browser. The link downloads a malicious.JAR file.

Trend Micro product users are protected from this threat. The spammed message is blocked, the URL is also blocked, and the malware is detected and removed.

 SPAM BLOCKING DATE / TIME: 11 September 2013 GMT-8
 TMASE
  • TMASE Engine: 7.0
  • TMASE Pattern: 0144

Zugehörige Datei