Analysis by: Michael Angelo Casayuran

Facebook recently announced its acquisition of the popular application WhatsApp. Spammers are quick to leverage this news and create spammed messages that lead to malware. The spam sample we spotted is written in Portuguese and, when translated, introduces WhatsApp as a cross-platform messaging application. The email message also mentions that an update for the application is already available following its acquisition by Facebook. The message provides a download link which, when clicked, downloads a malicious executable file named whatsapp.2014_beta2.3_338771.exe, detected as TROJ_APDOWN.A.

In the past, we reported similar incidents in which fake messaging apps were used as a social engineering lure to trick users into executing a malicious file on the system. Users are advised to be wary of this type of email message to avoid system infection and information theft. Trend Micro protects users from this threat by detecting the malicious file and the spammed message.

 SPAM BLOCKING DATE / TIME: February 22, 2014 GMT-8
 TMASE INFO
  • ENGINE:
  • PATTERN:0526