WhatsApp Gold Scam Is Trying to Trick WhatsApp Users

Users of the popular messaging app WhatsApp are being warned of a new scam in which they are tricked into downloading an apparently exclusive version of the app called ‘WhatsApp Gold’. In fact, installing it will infect users’ mobile devices with malware. What do experts have to say about this particular trouble?

Adam Vincent, CEO at ThreatConnect:

The general public needs to appreciate that criminals use social engineering, using tricks to get them to break security best practices, to their advantage at every opportunity. Social engineering can come in the form of pretending to be a loved one or your credit card company, or in this case, promising them an elite, secret status. To avoid being trapped in one of these scams, consumers should know to do at least these three things:

  1. Never click on a link in a message from someone you don’t know. You definitely should only go to trusted sites like the Play Store, the App Store or the provider’s website.
  2. Do a quick Google search to check to see if the offer or email is real. When a scam is out there, you may be able to find out.
  3. Question everything. Criminals are very good at making messages look like they are from a real company, or even worse, a loved one. So, keep your eyes out for clues as to whether the message is trustworthy – typos, slightly different email addresses or website addresses, and unusual wording are all indicators that the message may be from a criminal.

If you are unfortunate enough to be a victim of a scam, turn to the experts to get help. Go to your mobile service provider and ask for help getting your phone scrubbed of malware. Then, ask for help setting up safeguards so it doesn’t happen again. We’re all in this together. Don’t be ashamed of being a victim. Ask for help and stop the spread of the problem as quickly as possible.

Paul Fletcher, Cyber Security Evangelist at Alert Logic:

What should people do if they’ve installed it and their phone has been compromised?

The best option is to perform a restore from the latest backup. If it’s been a while since a user’s last backup operation, this may cause some issues, but at least it will return their device to a known uncompromised state. If a normal restore is not an option, the next best course of action is to perform a factory default restore. This may take time to complete the restore and add back all their data and apps, but at least they remove this threat.

How can they stop this from happening in the future?

Upgrading apps and operating systems is generally a good security practice; however, we should all verify the update as legitimate before updating software. Also, it’s always a best practice to read what the updates include before completing the installation.

David Gibson, VP of Strategy and Market Development at Varonis:

In general, it is difficult for most iPhone users to install software on their phones outside of what’s available on the App Store. It seems as if this particular scam is tricking iPhone users into handing over their account credentials, rather than tricking them into downloading malicious code. If you’ve fallen for this scam and your Apple ID credentials have been stolen, change your password and enable multi-factor authentication as quickly as you can. If you’ve got a jailbroken phone, or you think you’ve really downloaded malicious third-party code, then it might be best to reset the phone to factory defaults and restore it from a prior backup.

Lane Thames, Software Development Engineer and Security Researcher at Tripwire:

If a user installs a malicious application, I usually recommend doing a factory reset for mobile devices. In fact, I follow this principle for any type of infected computing device, i.e., laptop, desktop, server, etc. This is because it is often very hard to completely remove all remnants of a malicious application once it is installed. In most cases, it is better to be safe than sorry.

Mobile users should consider taking advantage of various cloud technologies so that their data gets partially decoupled from their physical devices. Yes, there are risks for using cloud services, but to date, using cloud services to decouple data from their devices is not only convenient but also provides ease of use, redundancy, and other benefits. Using this type of mobile model, users can safely recover from the impact of a malicious installation that might require a factory reset. Crime organizations will continue to focus on mobile targets for the foreseeable future. Mobile users must remain vigilant and should carefully research any type of ad, notification, email alerts, links, etc. coming into their devices via channels such as SMS, MMS, social media, and especially the web.

Mark James, Security Specialist at ESET:

What should people do if they’ve installed it and their phone has been compromised?

If you have actually installed the app, you need to uninstall it immediately. If you have not already, I would advise you to install a good internet security product and run a full device scan of your Android device. Also, limit any financial or social networking activity on this device until you are completely confident your device is not compromised. You may need to consider a full device reset if you use online banking from this device. If you have not actually clicked any links and are only seeing this message, I would advise you to delete the message immediately and only download applications from sources you trust.

How can they stop this from happening in the future?

Making sure you have a good, regularly updated internet security product and ensuring you only download applications from trusted sources will help you to keep safe. If you get an option ‘out of the blue’ to install something new, take a few minutes to go and research the app and the source; other reviews and information from users are a great way of identifying scams and potential threats.

Giovanni Vigna, Co-Founder and CTO at Lastline:

The problem with these types of scams is that they do not target the platform, but instead they target the user. As Google and Apple have deployed more secure phone operating systems and more strict checks in their markets, cyber criminals have moved to social engineering attacks of all kinds. In addition to promises of “enhanced versions” of popular applications, we have seen applications simply trying to pose as different ones. This is possible because on phones we do not have effective mechanisms to understand which application is actually responsible for capturing the input that we see on the screen. Nothing prevents a recently downloaded application from simply displaying a login window on the phone that looks exactly like, for example, a Facebook login page that steals the user’s credentials.

David Jevans, VP of Mobile Security at Proofpoint:

What should people do if they’ve installed it and their phone has been compromised?

If you have been compromised, delete the malicious app. Then, from another device, change all your online passwords. If you fear that your device has been jailbroken or rooted by a malicious app, you should wipe your device, reinstall a fresh operating system, and restore your data from a backup that was taken before you downloaded the malicious app.