WhatsApp Wëb Trojan??
Say,
What damage does this do? I've posted the hyperlink accompanying the email message. The user was asked for a Gmail password and did enter it.
http://prikolna.netclient.info/img.php?kkny=744701&ki=5&cvyg=b9512d9fa351f5a55b77a82e2ef2543c&ww=2.7.1559&uebgnj=p2ucqKWioaAuoTk5p0OaoJScoP5wo20=
WhatsApp Wëb
Yoü have a new message
Detáils:
Datè: May 29, 2015, 4:21 am 53
Lënght: 43sec
111
Play
*If you cant opên this, move it to your "Inbox" folder.
to change that is now Change it with I can afford that I can buy
What damage does this do? I've posted the hyperlink accompanying the email message. The user was asked for a Gmail password and did enter it.
http://prikolna.netclient.info/img.php?kkny=744701&ki=5&cvyg=b9512d9fa351f5a55b77a82e2ef2543c&ww=2.7.1559&uebgnj=p2ucqKWioaAuoTk5p0OaoJScoP5wo20=
WhatsApp Wëb
Yoü have a new message
Detáils:
Datè: May 29, 2015, 4:21 am 53
Lënght: 43sec
111
Play
*If you cant opên this, move it to your "Inbox" folder.
to change that is now Change it with I can afford that I can buy
Never follow links you don't know who/what/why/how (I did research it though, just hopping around multiple questionable sites)
Also never input your Gmail password anywhere else than on official Google websites (check secure status of the website, the certificate lock icon in your browser)
Now, change gmail password.
Next, set up 2 way authentication (usually with codes or the Google Authentication app)
Just using plain logic though, whatsapp doesn't use external links for whatever service (in this case, the user was probably curious about the audio message, but HOW DID WHATSAPP KNOW HIS EMAIL ADDRESS as it only works with phone numbers). Next up, why would you ever input your passwords on external website? There's totally no valid reason for that. Educate the user to prevent future mishaps.
Also never input your Gmail password anywhere else than on official Google websites (check secure status of the website, the certificate lock icon in your browser)
Now, change gmail password.
Next, set up 2 way authentication (usually with codes or the Google Authentication app)
Just using plain logic though, whatsapp doesn't use external links for whatever service (in this case, the user was probably curious about the audio message, but HOW DID WHATSAPP KNOW HIS EMAIL ADDRESS as it only works with phone numbers). Next up, why would you ever input your passwords on external website? There's totally no valid reason for that. Educate the user to prevent future mishaps.
The msg is too instructive as to even shift to inbox as it deems it will be in the junk or spam box and even run active media which will download the actual payload trojan, then it is gameover as a whole. Recently, fake whatapps web is spreading torjan e.g. Zeus. See similar variant attempt cases
Also advised to
If you have received an email from WhatsApp recently, we urge you to not open it and to delete it immediately. The email is a hoax that contains malware.https://blog.avast.com/2014/01/23/whatsapp-bogus-email-tries-to-install-zeus-trojan-on-your-computer/
Within the last few days, an email with the subject line “Missed voice message” has spread with the sender name “WhatsApp Messenger.” The message asks recipients to “please download attached file,” a file named “Missed-message.zip.”
Also advised to
It is almost impossible to get rid of unwanted messages, however it is safer to access WhatsApp on the web from the official website located at https://web.whatsapp.com. So, users are recommended to refuse imitations and suspicious applications.
ASKER
No one brave enough to click link? Can it harm?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if interested, can check out even the "I been pwned" snapshot directory to do a check on email account which may be lost due to pwned websites https://haveibeenpwned.com/
However, by entering their Gmail password, the user has likely given access to their Gmail account, assuming the email address that the spam was received on is also associated with the Gmail account.
I would get the user to change their Gmail password asap.
Finally, some sites try to install malware, whether it succeeded or not (if this site was one of them) would depend on your anti-virus, firewall and internet settings.