Security Researchers Discovers Dangerous WhatsApp Phishing Campaign That Impersonates Voice Messages

Researchers have brought forward an alarming discovery in regards to a WhatsApp phishing campaign that targets its voice messages.

The campaign is said to spread a malicious wave of misinformation and that includes the passing on of stealing malware.

According to reports, the phishing campaign has reportedly spread stealing malware forward to almost 27,655 different email IDs.

Moreover, it was even stated how the phishing campaign actually sneakingly aimed to lead recipients in a manner that never made them aware of the ordeal. This ended up with the addition of a malware infection that stole information while paving the way for theft.

Experts believe the malware does an excellent job at stealing information and is so widely distributed in today’s time through a number of different channels.

But what sorts of information do these campaigns get a hold of and how is a question on so many people’s minds.

Well, researchers revealed how intricately designed tools have a unique purpose and that includes targeting users’ account credentials that are already located inside both browsers as well as applications. Similarly, other common targets include computer files, wallets for cryptocurrency, and more.

As far as the voice message targeting phishing campaigns is concerned, experts at Armorblox say these campaigns send out notifications as if they are from WhatsApp itself, usually in the disguise of a private message.

In that message, there’s a play button with a complete audio clip, accompanied by details of creation time.


You won’t find these messages flagged by the security system in your email and that’s being considered one of the biggest drawbacks of phishing actors and their malicious intent. This has to do with hackers secretly altering the domain so that they can market their purpose. Unknowingly, WhatsApp takes part.

Once you open the message, you’re directed to a website and tricked into pressing the allow button. And once that’s done, you get subscribed to so many unwanted notifications including scams and malware.

Tech experts believe this is a simple way to confuse those users who are not cautiously aware of the consequences of their online actions.

So, how can one actually protect themselves? Well, the answer is pretty straightforward.

Always take your time and look at the potential signs in front of you. Phishing attempts have clear tags of fraud attached that will make dubious claims. Hence, your safest bet is to never jump in and allow for action, no matter what message you may receive. Also, make regular visits to the official app or any website instead of pressing an unknown URL.

Read next: New Alarming Reports Say The US Is Leading As A Hotspot Destination For Cybercrime
Previous Post Next Post