Fake "new voicemail" notification targets Android WhatsApp users
Posted on 16.09.2013
Malware peddlers have decided to bank on the popularity of the WhatsApp cross-platform IM app for smartphones in order to get users to install malicious apps on their devices, Trend Micro researchers warn.

The attack starts with a fake WhatsApp notification delivered via email, claiming that the user has received new voicemail:

Pressing the Play button will redirect users to different malicious sites depending on which device they use to view the email.

In the case of PC users, they will be taken to a site that warns them that they should download an update for their browser. Fortunately for them, the offered browser_update_installer.jar file is a Java file for the mobile version, and can't do much damage on a PC.

iPhone users that haven't jailbroken their devices are likewise safe, because the downloaded app can't be installed from a source that isn't Apple's official app store.

Android users are obviously the primary target, as they are urged to download the browser_update_installer.apk file disguised as a browser named “Browser 6.5”.

When started, the "app" tries to make the user agree with the terms of the download to continue. Unfortunately, if they do that the app will send text messages to specific premium rate phone numbers, and will also try to convince them to download another app malicious app.


Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Sep 30th