March 10, 2015 By Douglas Bonderud 2 min read

Messaging service WhatsApp already boasts more than 700 million active users, according to USA TODAY, but the company isn’t stopping there. Over the past few months, some Android users reported receiving invitations for a limited-time trial for a WhatsApp calling feature. There’s been no official announcement from the company, but that hasn’t stopped malicious actors from cashing in. WhatsApp users are now being targeted by an SMS scam designed to load their phones with malware.

Reaching Out

According to a March 8 article from Tech2, WhatsApp users worldwide are at risk. It all starts with an SMS message inviting them to test the app’s new calling feature. The included link takes users to a survey page, where they’re asked to fill out a few questions before getting started. Instead, they’re prompted to download new software. Once installed, malicious code activates, infecting the device and sending out the same invite message to 10 contacts found on the user’s phone.

This isn’t the first time the popular messaging app has been targeted by malware authors. In January, users in South Africa reported SMS texts warning them that their WhatsApp version wasn’t up-to-date. Upon following the embedded link, a Web browser tab was opened to display a large green “continue” button. Unfortunately, it also contained fine print at the bottom of the page indicating the user accepted an additional monthly charge on his or her bill, in some cases totaling $16 per month.

In a nearly identical attack, the Gazon malware has been busily targeting Android devices with fake SMS messages promoting free Amazon gift cards. Instead, users are prompted to take a survey. Each page of the survey earns the creator money through advertising clicks and sends SMS messages to contacts that direct them to the same scam websites.

Getting the Message

Android-based malware is on the rise, and WhatsApp is just the latest target. In fact, according to Kaspersky Lab, the number of Android-based financial threats tripled in 2014. Apple users aren’t off the hook, either: While Android is the more popular SMS scam platform, security experts warn that 2015 could be a banner year for iOS malware as criminals double down on iPhone and iPad attacks.

For mobile users, this means that if it seems too good to be true, it absolutely is. An invite to the as-yet-unannounced WhatsApp calling beta? Scam. Free Amazon gift card? Scam. Dire warnings about necessary updates or a limited-time offer? Scam. Avoiding these issues requires a very specific response: Don’t engage, don’t text back, don’t click the link and don’t download any new content. Gone are the days of secure mobile devices; now is the dawn of the smartphone-savvy cybercriminal.

Users must get the message or pay the price. The WhatsApp calling feature invite is a scam, and what’s up is mobile SMS malware.

Image Source: Flickr

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today