Beware of a new Whatsapp virus campaign which claims that your Whatsapp has expired. We spotted this Whatsapp virus while we were surfing the web. The Whatsapp virus uses multiple domains to lure unaware users into their scam which will get the devices of those users infected with unwanted programs and malware.
But it is not only Whatsapp which this “group” or “person” is targeting, we noticed that they have malformed Adobe domains, which they can use to spread fake Adobe updates and fixes.
The domains below should be considered dangerous and malicious – do not navigate to those sites if you do not know what you are doing (friendly warning)
The domain oloooo.com triggered our attention, but the Whatsapp virus is also operating (or has operated) via the following domains:
- 2015-12-17 so978.com
- 2015-12-16 www.cncufe.com
- 2015-12-05 www.oloooo.com
- 2015-11-17 web.whatsapp.cm
- 2015-11-06 gusthepug.com
- 2015-10-27 oloooo.com
- 2014-06-20 adobaaoan.us
- 2014-06-18 adobooan.us
- 2014-06-14 adoboon.us
- 2014-06-14 download.adoboaoon.us
- 2014-06-14 download.flash.com.ukflash.club
- 2014-06-14 download.flash.com.uktracks.club
- 2014-06-14 www.adobooan.us
- 2014-06-12 adobaaon.us
- 2014-06-12 download.adobooaan.us
- 2014-06-10 adobaoaob.us
- 2014-06-10 adobooaba.us
- 2014-06-10 download.adobaaoan.us
- 2014-06-10 download.adobaaon.us
- 2014-06-10 download.adobooan.us
The domains which are shown above all resolved to IP 18.104.22.168.
It is strongly advised to be aware of these scams, hoaxes and hack attempts – Whatsapp is a free application, and it will stay free.
If you still think that an update needs to be installed, then navigate to the official whatsapp.com website, and search for more information on the legitimate whatsapp.com website.
The malware was served via the Google network – we also contacted Google to make sure that they will do something about it.