Messaging service WhatsApp already boasts more than 700 million active users, according to USA TODAY, but the company isn’t stopping there. Over the past few months, some Android users reported receiving invitations for a limited-time trial for a WhatsApp calling feature. There’s been no official announcement from the company, but that hasn’t stopped malicious actors from cashing in. WhatsApp users are now being targeted by an SMS scam designed to load their phones with malware.

Reaching Out

According to a March 8 article from Tech2, WhatsApp users worldwide are at risk. It all starts with an SMS message inviting them to test the app’s new calling feature. The included link takes users to a survey page, where they’re asked to fill out a few questions before getting started. Instead of receiving the calling feature, they’re prompted to download new software. Once installed, malicious code activates, infecting the device and sending out the same invite message to 10 contacts found on the user’s phone.

This isn’t the first time the popular messaging app has been targeted by malware authors. In January, users in South Africa reported SMS texts warning them that their WhatsApp version wasn’t up-to-date. Upon following the embedded link, a Web browser tab was opened to display a large green “continue” button. Unfortunately, it also contained fine print at the bottom of the page indicating the user accepted an additional monthly charge on his or her bill, in some cases totaling $16 per month.

In a nearly identical attack, the Gazon malware has been busily targeting Android devices with fake SMS messages promoting free Amazon gift cards. Instead, users are prompted to take a survey. Each page of the survey earns the creator money through advertising clicks and sends SMS messages to contacts that direct them to the same scam websites.

Getting the Message

Android-based malware is on the rise, and WhatsApp is just the latest target. In fact, according to Kaspersky Lab, the number of Android-based financial threats tripled in 2014. Apple users aren’t off the hook, either: While Android is the more popular SMS scam platform, security experts warn that 2015 could be a banner year for iOS malware as criminals double down on iPhone and iPad attacks.

For mobile users, this means that if it seems too good to be true, it absolutely is. An invite to the as-yet-unannounced WhatsApp calling beta? Scam. Free Amazon gift card? Scam. Dire warnings about necessary updates or a limited-time offer? Scam. Avoiding these issues requires a very specific response: Don’t engage, don’t text back, don’t click the link and don’t download any new content. Gone are the days of secure mobile devices; now is the dawn of the smartphone-savvy cybercriminal.

Users must get the message or pay the price. The WhatsApp calling feature invite is a scam, and what’s up is mobile SMS malware.
