Date: 2021-02-04

To spread their hoaxes, digital criminals look to the most popular applications, as they secure a greater number of victims with each attack. WhatsApp, with about 2 billion users worldwide, is one of the favorites.

The latest news comes from a group of hackers who designed a fake version of WhatsApp, very similar in appearance to the real thing, specifically aimed at iPhone users in order to steal information about them and their mobile devices.

The cybersecurity company ZecOps reported a few days ago that it had detected an attack against WhatsApp users on iOS. The post it shared on Twitter included a domain and an IP address.

The investigation, conducted by Citizen Lab and Motherboard following the mentions by ZecOps, revealed that the discovered domain was trying to trick iPhone users into installing a fake version of WhatsApp.

The download link was on a page that looked very similar to the legitimate one and included the WhatsApp brand and instructions on how to install the application. In reality, as Citizen Lab discovered, it was a file with a special configuration for iPhone devices.

The file made it possible to obtain victim information, such as the UDID, which is unique to each iPhone, or the IMEI, which identifies each mobile device. However, Citizen Lab acknowledges that it was not able to discover what other data the file collected.

The fake version of WhatsApp is actually spyware designed for users of the application on iPhone, but Motherboard indicates that it has not been able to identify who it was aimed at, although it has linked it with Cy4Gate, an Italian cybersecurity firm that usually works with state agencies.

Second attack

This week, the ESET laboratory reported a new deception circulating on WhatsApp in several Latin American countries, in which the sports brand Adidas was again impersonated.

On this occasion, continuing with the deceptions related to the Covid-19 pandemic, the campaign makes its victims believe that the sports brand is giving away reusable masks, so that they subscribe to paid SMS services.

The first thing to analyze in these cases is the address (URL) to which the message redirects. In this case, a URL-shortening service is being used, one that has already been used in other similar campaigns, such as the one built around the 135th anniversary of Coca-Cola.

As you might expect, clicking on the received link redirects you to another address that has nothing to do with the authentic Adidas site.
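The URL check described above, as an added example that is not part of the original article: it follows a shortened link to its final destination and tests whether that host really belongs to the brand. The redirect table and all hosts in it are constructed sample data standing in for live HTTP redirects, and the use of adidas.com as the brand's domain is an assumption passed in by the caller.

```python
from urllib.parse import urlsplit

# Constructed redirect table replacing live HTTP 3xx responses (made-up hosts).
REDIRECTS = {
    "https://short.example/abc123": "http://adidas.com.free-masks.example/promo?id=7",
    "https://short.example/legit": "https://www.adidas.com/us/help",
}

def resolve_chain(url, redirects, max_hops=10):
    """Follow redirects to the last URL; refuse loops and overly long chains."""
    chain = [url]
    while url in redirects:
        url = redirects[url]
        if url in chain or len(chain) >= max_hops:
            raise ValueError("redirect loop or chain too long")
        chain.append(url)
    return chain

def host_belongs_to(host, brand_domain):
    """True only for the brand domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def assess_link(url, brand_domain, redirects=REDIRECTS):
    """Report where a link really ends up and why it should not be trusted."""
    chain = resolve_chain(url, redirects)
    final = urlsplit(chain[-1])
    host = final.hostname or ""
    on_brand = host_belongs_to(host, brand_domain)
    reasons = []
    if len(chain) > 1:
        reasons.append("destination is hidden behind a redirect")
    if not on_brand:
        reasons.append(f"final host {host!r} is not under {brand_domain}")
        if brand_domain.split(".")[0] in host:
            reasons.append("brand name used inside an unrelated host (lookalike)")
    if final.scheme != "https":
        reasons.append("final page is not served over HTTPS")
    return {"chain": chain, "final_host": host,
            "trusted": on_brand and final.scheme == "https", "reasons": reasons}

if __name__ == "__main__":
    for link in REDIRECTS:
        result = assess_link(link, "adidas.com")
        print(link, "->", result["final_host"], "trusted:", result["trusted"])
        for reason in result["reasons"]:
            print("   -", reason)
```

The suffix test requires a leading dot, so a host that merely contains or ends with the brand string is not accepted as the brand's own.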

On this fraudulent site it is striking that, suddenly, the number of masks ‘offered’ starts decreasing rapidly. This is simply a fake animation on the site, intended to make the victim rush to click on the hoax in the belief that the prize is about to run out.

SL