WhatsApp voicemail phishing attack targets nearly 28K organizations
Researchers on Monday reported on a WhatsApp voicemail phishing attack from Russia that targeted nearly 28,000 organizations across healthcare, education and retail.
In a blog post, Armorblox researchers said the attacks combine the following techniques: social engineering, brand impersonation, exploiting a legitimate domain, and replicating an existing business email workflow to get victims to click on the “Play” button to view the allegedly secure email message. Once the victim clicks on the “Play” link in the email, they are redirected to a page that attempts to install a trojan horse, JS/Kryptik.
The researchers said the domain of the email sender was “mailman.cbddmo.ru,” a legitimate domain associated with an agency in Russia’s Ministry of Internal Affairs that provides assistance to road safety operations. The Armorblox researchers theorize that “it’s possible” the attackers exploited a deprecated or old version of this agency’s parent domain to send the malicious emails. They said the emails did pass all SPF and DMARC authentication checks.
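Because these messages passed SPF and DMARC, a filter has to compare the brand a message claims with the domain that actually sent it. The following is an added example, not code from Armorblox or the original article: the brand-to-domain map, the function names, the `mx.example.net` gateway and the sample messages are all constructed assumptions, and the Authentication-Results header is assumed to have been written by your own mail gateway.

```python
import email
from email.utils import parseaddr

# Assumption: illustrative map of brand keyword -> domains allowed to send as it.
BRAND_DOMAINS = {"whatsapp": {"whatsapp.com"}}

# Constructed sample: only the sender domain is taken from the article.
SAMPLE_SPOOF = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailman.cbddmo.ru;\n"
    " dmarc=pass header.from=mailman.cbddmo.ru\n"
    'From: "WhatsApp Voicemail" <noreply@mailman.cbddmo.ru>\n'
    "Subject: New incoming voicemail\n\nPlay\n"
)
# Constructed control: same message, but sent from the brand's own domain.
SAMPLE_GENUINE = SAMPLE_SPOOF.replace("mailman.cbddmo.ru", "whatsapp.com")

def auth_results(msg):
    """Collect method=result pairs (spf, dkim, dmarc) from Authentication-Results."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # part 0 is the authserv-id
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                results.setdefault(method.lower(), result.lower())
    return results

def brand_mismatch(raw):
    """Flag messages naming a brand in From/Subject but sent from another domain."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{display} {msg.get('Subject', '')}".lower()
    auth = auth_results(msg)
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        if any(domain == d or domain.endswith("." + d) for d in allowed):
            continue  # sender domain belongs to the brand
        findings.append({
            "brand": brand,
            "from_domain": domain,
            # True means SPF/DMARC alone would not have stopped this message.
            "authenticated": auth.get("spf") == "pass" and auth.get("dmarc") == "pass",
        })
    return findings

if __name__ == "__main__":
    print(brand_mismatch(SAMPLE_SPOOF))
```

A finding with `authenticated` set to true is the case the article describes: the sending domain is validly authenticated, but it is not a domain the impersonated brand sends from.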