New deception with WhatsApp: they offer 50GB of free internet for the supposed anniversary of the Meta app

WhatsApp is one of the most used messaging services in the world, which makes it a very attractive hook for cyber attackers seeking to orchestrate deception.

On this occasion, a new malicious campaign was identified in that application: it seeks to make users believe that WhatsApp is celebrating its anniversary and giving away 50GB of mobile data to browse the Internet, but it is all a hoax, as warned by the cybersecurity company Eset.

Victims not only fail to get the promised data but also end up providing the attackers with their phone number and are redirected to other sites looking to install adware on their devices.

The message includes a link that leads to a page that, as seen in the shared images, has nothing to do with the official site of the messaging app, although it does use the name to give it a legitimate appearance.

To add another layer of “truth”, the site includes fake comments from other users who claim to have won the promised prize. This is a technique widely used in this type of fraudulent scheme.

If the user goes ahead and clicks the button indicated on the page, a field will appear asking them to enter their phone number to verify whether they meet the conditions to access the supposed benefit of 50GB.

Once the victim enters their number and presses “send”, regardless of the number they have entered, a message will appear requesting that they share the benefit with 12 WhatsApp contacts or groups, always with the false promise that after sharing the message the 50GB will be credited to their line.

The system then requests another step to access the supposed benefit. It is also clarified that if you go ahead you will get not only the 50GB but also other additional prizes.

If the user falls for the trap and clicks, they will be redirected to other pages that ultimately recommend the installation of various browser extensions whose reputation is unknown.

It should also be noted that it is not known for sure that the mentioned extension is the one that will finally be downloaded, since the page is not the official repository of extensions for Google Chrome. These extensions are actually adware; that is, malicious programs that display unwanted advertising on the user’s computer.

In addition to dubious extensions, other pages appear in the redirection process of this campaign. One of them opens a notification in the browser requesting permissions to verify that it is not a robot. If the user grants permissions, browser notifications will be activated and unwanted advertisements will begin to be displayed on the computer, warning, for example, that the user needs to install a security solution because malicious code has been detected on the computer.

The purpose of these advertisements is to make the victim download additional software that could even download malware onto the computer. As you can see, it is a deception of different levels. The level of inconvenience the user will experience will depend on how far they continue to click.

“The circulation through WhatsApp of this type of fraud referring to the anniversary of a well-known brand is very frequent. Over the last few years we have reported a large number of similar campaigns in which they pose as large companies to offer supposed gifts on the occasion of the alleged anniversary celebration. However, they are scams that seek to lure users with benefits that are often too good to be true”, commented Camilo Gutiérrez Amaya, Head of the Research Laboratory of Eset Latin America, in the statement released by said entity.

Recommendations

1. Do not trust any promise of benefits that requires clicking on a link, entering data on the page the link redirects to, or downloading attachments.

2. Always keep the device updated, because each update brings security patches that protect against identified and reported vulnerabilities.

3. Do not circulate messages that arrive through different messaging platforms if the veracity of the content has not been verified.

4. In the case of offers and benefits, always check with the company in question to see if it is something genuine or not.

5. Use different passwords on all accounts and activate the second factor of authentication.

6. Have a security solution that works as an additional barrier.

7. Download apps only from official stores like Google Play or Apple Store.
