Fake WhatsApp backup message delivers malware to Spanish speakers’ devices

Spanish authorities are warning of a phishing campaign that impersonates messaging service WhatsApp in an attempt to trick recipients into downloading a trojan.

Recipients are being urged to download copies of conversations and call histories from a location that offers only the NoPiques malware.

The NoPiques (“Do not chop”) trojan comes bundle in a .zip archive which, if opened and run on a vulnerable device, results in infection.

Believable phishing campaign

Dangerous emails typically come with the Spanish language subject line ‘Copia de seguridad de mensajes de WhatsApp *913071605 Nº (xxxxx)’, although this can vary.

Messages are written in grammatically correct Spanish, or at least with few errors – unlike many malware-peddling phishing messages in English and other languages.

The warning about the malware campaign comes from Oficina de Seguridad del Internauta (OSI) of the Spanish National Cybersecurity Institute (INCIBE).

The alert was promoted on social media by the Guardia Civil policing agency.

The Daily Swig asked OSI to estimate the possible number of victims caught out by the scam. No word back as yet, but we’ll update this story as and when more information comes to hand.

The latest attack follows a similar campaign that OSI warned about in March 2021.

The previous scam posed as messages from either WeTransfer, WhatsApp, Vodafone, the Spanish Ministry of Labor, or the Ministry of the Interior, but actually contained links that downloaded an (unnamed) trojan onto users’ devices.

OSI has published a YouTube video (see below) offering advice on how to spot scam phishing messages that pose as communiques from trusted organization, such as government agencies and internet services firms.

NOTE:: This is article is copyright by portswigger and we are used it for education or information purposes only.

Click Here to visit the official store of PortSwigger in Pakistan