Date: 2021-10-06

ESET, a company specializing in cyber threat detection, is warning about a fake email in circulation that tries to make victims believe it is an official communication from WhatsApp. The message invites people to download a backup copy of their conversations and call history in the app.

The real purpose of the email, however, is to distribute a “banking trojan”: malicious software that collects customers’ banking information.

As ESET explains, the email message includes an attachment called “Open_Document_513069.html”. This is an HTML file that contains a URL shortened by the bitly service. According to the analysis of the attached HTML file, when the person clicks on it, they are redirected to a website from which a file in “zip” format is downloaded. This zipped file contains an installer that downloads malicious software onto the machine.
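A mail-filter check for the delivery pattern described above (an HTML attachment carrying a bitly short link), added here as an example and not taken from ESET's analysis. The shortener host list, the function names and the sample message are assumptions constructed for illustration; only the attachment name comes from the article.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumption: hosts treated as bitly short links; extend for other shorteners.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "j.mp"}
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)


def is_html_part(part) -> bool:
    """True for attachments that are HTML by content type or by file name."""
    name = (part.get_filename() or "").lower()
    return part.get_content_type() == "text/html" or name.endswith((".html", ".htm"))


def short_links_in_html_attachments(raw_message: bytes):
    """Return (attachment name, URL) for each short link in an HTML attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if not is_html_part(part):
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        for url in URL_RE.findall(text):
            host = (urlsplit(url).hostname or "").lower()
            if host in SHORTENER_HOSTS:
                findings.append((part.get_filename(), url))
    return findings


def build_sample(link: str) -> bytes:
    """Constructed test message: plain body plus one HTML attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Backup of your conversations"
    msg.set_content("Your chat and call history backup is attached.")
    html = f'<html><body><a href="{link}">Download backup</a></body></html>'
    msg.add_attachment(html, subtype="html", filename="Open_Document_513069.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, url in short_links_in_html_attachments(build_sample("https://bit.ly/CONSTRUCTED")):
        print(f"HTML attachment {name!r} links to shortener: {url}")
```

A hit is a reason to quarantine the message for review, since the short link hides the final download host from the recipient.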

After infecting the victim’s computer, the main purpose of the “banking trojan” is to steal the banking credentials through fake pop-ups that make the person believe that it is the official website of the bank they have an account with.

In addition, this type of unwanted software allows the attacker to perform other malicious actions on the computer, such as simulating mouse and keyboard actions, logging out the victim, blocking access to certain websites and even rebooting the machine.

According to data released by ESET, in the last 90 days, emails made to look like an official WhatsApp communication were detected mainly in Spain, Mexico and Brazil.

“This does not mean that this is the same campaign that is circulating in these countries, but we also cannot rule out the possibility that this same social engineering strategy will not be used later in campaigns aimed at Latin American countries, so it is important to know about it to avoid falling into the trap if you receive an email with these characteristics”, comments Camilo Gutiérrez Amaya, head of the Security Laboratory at ESET América Latina.

