Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.

Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found.

Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and Google Workspace accounts using emails sent from domain associated with the Center for Road Safety, an entity believed to reside within the Moscow, Russia region. The site itself is legitimate, as it’s connected to the State Road Safety operations for Moscow and belongs to the Ministry of Internal Affairs of the Russian Federation, according to a blog post published Tuesday.

So far, attackers have reached about 27,660 mailboxes with the campaign, which spoofs WhatsApp by informing victims they have a “new private voicemail” from the chat app and includes a link purporting to allow them to play it, researchers said. Targeted organizations include healthcare, education and retail, researchers said.

The attack “employs a gamut of techniques to get past traditional email security filters and pass the

Read More: