WhatsApp voicemail spoof hit more than 27,000 emails — steals user credentials

WhatsApp on iPhone
(Image credit: Dimitri Karastelev / Unsplash)

Cybersecurity experts spotted a cunning phishing scheme that led to more than 27,000 mailboxes across Microsoft Office 365 and Google Workspace being hit by a WhatsApp voicemail spoof with a link to an info-stealing malware.  

Email security company Armorblox discovered the phishing attack masquerading as a secure message from WhatsApp, stating that the user received a "New Private Voicemail." The spoofed email invited unsuspecting victims to click the "Play" button, which redirects them to a page attempting to install malicious trojan horse JS/Kryptik. 

After confirming users "are not a robot," the info stealer malware can be installed, which steals sensitive information stored in the victim's browser. According to the report, the email sender's domain comes from "mailman.cbddmo.ru." This is linked to a "Center For Road Safety of the Moscow Region" page. The hackers may have used an old version of the domain to bypass email authentication checks. 

WhatsApp spoof email example via Armorblox (Image credit: Armorblox)

The email phishing campaign targeted organizations across healthcare, education, and retail sectors, attacking around 27,660 customers across Office 365 and Google Workspace. The threat actors used multiple techniques to sneak past security, such as exploiting a legitimate domain, brand impersonation, and social engineering.

"The context for the email attack replicates workflows that already exist in our daily work lives (getting email notifications of a voicemail)," said Armorblox's Lauryn Cash. "When we see emails we’ve already seen before, our brains tend to employ System 1 thinking and take quick action. The email content even had every victim’s first name filled in to increase the feeling of legitimacy and the chances of follow-through."

Despite Microsoft's and Google's security measures, it's a good idea to keep an eye on suspicious emails. WhatsApp never sends notification emails, which is already a red flag in this phishing attempt. To prevent these attacks from happening or stop threat actors in their track, using multi-factor authentication, the best password managers, and the best antivirus apps will boost your security while online. Speaking of which, six 'antivirus' apps were caught spreading malware that steals banking info and you can check out the culprits. 

Darragh Murphy

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.