A spam email campaign claiming to offer a WhatsApp for PC download is circulating on the web, and according to security experts it spreads a banking Trojan with a low detection rate.
WhatsApp, the messaging app that boasts a whopping 430 million monthly active users, is available for all mobile platforms. The company hasn’t released it for desktops yet, but the term ‘whatsapp for pc’ was one of the most searched items on Google across the globe for 2013 (as per Google insights). This is what scammers are probably targeting with their latest spam campaign.
According to a report on Kaspersky Securelist, a spam email in Portuguese is doing the rounds on the web stating that WhatsApp for PC is finally available for download and that the user has a certain number of pending invitations from friends.
If and when the user clicks on the link within the email, he / she is directed to a server in Turkey, which then redirects to a Hightail (Yousendit) account. This is when the initial Trojan is downloaded, notes Dmitry Bestuzhev, a Kaspersky Lab Expert. The file pretends to be a 64-bit app, but is actually a 32-bit Trojan downloader with a moderate detection rate.
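The mismatch described above, a file presented as 64-bit whose headers say 32-bit, can be checked at triage time by reading the PE headers directly. The following is an added example, not code from the Securelist report; the file name and the header bytes are constructed for illustration, and the function names are hypothetical.

```python
import re
import struct

MACHINE_BITS = {0x014C: 32, 0x8664: 64}   # IMAGE_FILE_MACHINE_I386 / AMD64
OPT_MAGIC_BITS = {0x10B: 32, 0x20B: 64}   # optional header magic: PE32 / PE32+

def pe_bitness(data):
    """Return 32 or 64 as stated by the PE headers, or None if unrecognised."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    bits = MACHINE_BITS.get(machine)
    # COFF Machine and optional-header magic must agree to be trusted.
    if bits is None or OPT_MAGIC_BITS.get(magic) != bits:
        return None
    return bits

def claimed_bitness(filename):
    """Guess the architecture a file name advertises, or None if it says nothing."""
    name = filename.lower()
    if re.search(r"x64|x86[-_]64|amd64|win64|64[-_ ]?bit", name):
        return 64
    if re.search(r"x86|win32|32[-_ ]?bit", name):
        return 32
    return None

def bitness_mismatch(filename, data):
    """True when the name advertises one architecture and the headers state another."""
    claimed, actual = claimed_bitness(filename), pe_bitness(data)
    return claimed is not None and actual is not None and claimed != actual

def build_sample(machine, magic):
    """Constructed minimal DOS + PE headers (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xE0, 0x0102)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic)

if __name__ == "__main__":
    sample = build_sample(0x014C, 0x10B)          # 32-bit headers
    name = "WhatsApp_x64.exe"                     # constructed file name
    print(name, "headers say", pe_bitness(sample), "bit;",
          "mismatch" if bitness_mismatch(name, sample) else "consistent")
```

A mismatch is a triage signal to prioritise the attachment for analysis, not a verdict on its own.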
“This downloader has some anti-debugging features like: UnhandledExceptionFilter() and RaiseException() and once running, it downloads a new Trojan that is banker itself”, notes Bestuzhev in the blog post.
The new banking Trojan comes from a server hosted in Brazil and has a low detection rate [Virus Total: 3/49]. The security researcher says that the Trojan has anti-debugging features, making it harder to analyse, and is written in Delphi XE5 from Embarcadero.
Once the Trojan is running, it connects itself to the cyber criminal’s console and opens port 1157 to send back the harvested data.