Spam has evolved quite a lot, so has malicious software. As a matter of fact, spam serves malware by spreading it among users. In other words, spammers and cyber criminals work together towards maximizing the success of malicious operations. That is why, to increase their efficiency and span, recent spam campaigns often involve well-known and widely used applications and social pages. A WhatsApp-themed spam crusade has been just reported to distribute malware via fake messages, images, and audio and video files.
The increasing popularity of WhatsApp only makes it more prone to malicious exploitation, as more users are joining it on a daily basis. Furthermore, WhatsApp offers both a mobile application and a Web-based interface, which is a standalone invitation for cyber criminals.
According to information released by security experts at Comodo, a spam campaign delivering malware has just been detected. The spam emails typically contain various malicious attachments. The payload of the operation is the Nivdort Malware.
What Is Nivdort?
Nivdort is a none-sophisticated information stealer type of Trojan. It aims at collecting information about the victim’s machine. Stolen information is usually uploaded to a command and control server, and is often used in further malware infections. Information stealers are applied in malicious scenarios ending with banking Trojans, sophisticated spyware, point-of-sale malware, and even ransomware. Thus, if Nivdort sneaks into a system, it most likely will bring other malware.
Learn More about Nivdort and How to Remove it:
WhatsApp Users, Beware, a Luring Subject Line!
Security experts warn that modern spam campaigns are quite successful because of luring subject lines. As reported by Comodo, subjects of the current WhatsApp spam campaign contain information such as:
– You have obtained a voice notification;
– An audio memo was missed;
– A brief audio recording has been delivered;
– A short vocal recording was obtained;
– A sound announcement has been received;
– You have a video announcement;
– A brief video note got delivered;
– You’ve recently got a vocal message.
As visible, the subject lines are tricking users into executing other actions that include multimedia content. No wonder that security experts now refer to spammers as to marketers, malicious marketers indeed.
To stay away from spam, WhatsApp users should be very careful and double check the sender of any email they receive. In addition, users should note that WhatsApp is not known to send notifications by email.
Important! Anti-Apam Security Tips
- Employ anti-spam software, spam filters, aimed at examining incoming email. Such software serves to isolate spam from regular emails. Spam filters are designed to identify and detect spam, and prevent it from ever reaching your inbox. Make sure to add a spam filter to your email. Gmail users can refer to Google’s support page.
- Don’t reply to dubious email messages and never interact with their content. Even an ‘unsubscribe’ link within the message body can turn out to be suspicious. If you respond to such a message, you will just send a confirmation of your own email address to cyber crooks.
- Create a secondary email address to use whenever you need to register for a web service or sign up for something. Giving away your true email address on random websites is never a good idea.
- Your email name should be tough to crack. Research indicates that email addresses with numbers, letters and underscores are tougher to crack and generally get less spam emails.
- View your emails in plain text, and there’s a good reason why. Spam that is written in HTML may have code designed to redirect you to unwanted pages (e.g. advertising). Also, images within the email body can be used to ‘phone home’ spammers because they can use them to locate active emails for future spam campaigns. Thus, viewing emails in plain text appears to be the better option. To do so, navigate to your email’s main menu, go to Preferences and select the option to read emails in plain text.
- Avoid posting your email address or a link to it on web pages. Spam bots and web spiders can locate email addresses. Thus, if you need to leave your email address, do it as it follows: NAME [at] MAIL [dot] com or something similar. You can also look for a contact form on the website – filling out that form shouldn’t reveal your email address or your identity.