Beware if you receive an email that claims to have been sent from your WhatsApp client or device. Screenshots have been released that show how cybercriminals are trying to infect unaware internet users by claiming that they have received “A Sound Memo”.
The attack focuses on unaware users who are using their email client. The potential victim receives an email which claims that someone has left an audio message on their WhatsApp client. To make it easier for the victim, the “audio message” has been included in the mail as an attachment.
Once the user clicks and opens the attachment, the user will be infected with the “Kazy Trojan”, which is a virus that has been built with the Metasploit module on Kali Linux.
This Trojan allows the attacker to fully control the infected device, meaning that personal, financial and classified information can be stolen with a single click.
In this particular case, the malware communicates with the following domains via port 80:
In the screenshot above, you can see how the “malicious WhatsApp” mail tries to lure the potential victim into unwanted actions.