A malicious message spread by WhatsApp pretends that the victims of this deception believe that the airline Iberia is giving away 5,000 tickets to travel to Europe, reported ESET Latin America, a malware detection company threats.
The objective of this campaign is that users enter a link that is not related to the airline and download an application of dubious reputation that harms the proper functioning of smartphones. Iberia confirmed that the message is a hoax.
How the scam works
Once users access the link that was sent to them by WhatsAppare redirected to a Web page that makes malicious use of Iberia’s image in which it is requested to complete a survey. This modality is very common in scams that circulate through the app instant messaging, ESET said.
To provide credibility, the Web page includes false comments from supposed beneficiaries of the airfarewho do not really exist but are false avatars scheduled to appear on the site.
After completing the poll, the processing of the data is simulated before moving on to the next stage: a game in which the victim must select, among several boxes, the one that contains the supposed prize. Regardless of the option chosen, after the second attempt a message will inform the user that they won.
As an additional requirement, the user is asked to share the “raffle” with their contacts through WhatsApp in order to receive the prize. This is what causes the cheated become massive in a short period of time.
However, after going through the whole process, users are redirected to another website where they are notified that the telephone is not working properly and it is recommended download an app with the purpose of optimize the device.
Even if the download is not accepted, the victims are redirected to google play to download the application named Velvet Phone Cleaner & Booster.
User feedback indicates that the app constantly displays ads even when it is not open. However, depending on the geographical area in which the victim is located, the malicious campaign instead of leading to the download of an app, it may direct potential victims to sites of subscription Payments.
Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Laboratory, comments that even though it is recommended to only download applications from official stores such as google play either app store as part of a security practice, however this is not enough to keep the device secure.
“It is true that Google applies security filters to prevent malicious applications from reaching the store, something that guarantees greater security compared to repositories without reputation, also the cybercriminals they manage to place their applications in the official stores”, said Gutiérrez.
He also indicated that recently, ESET Latin America alerted users about apps in google play which are used to distribute the malware Joker, and that “applications that promise to clean or improve phone performance, or even security, are often used to distributer invasive advertising in the users’ equipment and in this way the operators monetize these deceptions”.