Phishing is a malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames, and passwords, etc.) from users.
The attackers pretend to be trustworthy entities to bait the victims into trusting them and revealing their confidential data.
The data gathered through phishing can be used for financial theft, identity theft, gaining unauthorized access to the victim’s accounts or to accounts they have access to, blackmailing the victim, and more.
Attempts have been made to disseminate information-stealing malware to at least 27,655 email addresses via the use of a new WhatsApp phishing campaign that impersonates the voice message function of the messaging app.
By sending this phishing campaign, the sender hopes to guide them through a series of actions that will eventually result in the installation of an information-stealing malware infection, paving the way for credential theft.
Information taken by these malware programs is mostly account credentials saved in browsers and apps, but it also includes cryptocurrency wallets and SSH keys, as well as information from files kept on the victim’s machine.
Researchers from Armorblox were the ones who identified the latest WhatsApp voice message phishing effort.
The context of this attack also leverages the