Cybersecurity experts spotted a cunning phishing scheme that led to more than 27,000 mailboxes across Microsoft Office 365 and Google Workspace being hit by a WhatsApp voicemail spoof with a link to an info-stealing malware.
Email security company Armorblox discovered the phishing attack masquerading as a secure message from WhatsApp, stating that the user received a “New Private Voicemail.” The spoofed email invited unsuspecting victims to click the “Play” button, which redirects them to a page attempting to install malicious trojan horse JS/Kryptik.
After confirming users “are not a robot,” the info stealer malware can be installed, which steals sensitive information stored in the victim’s browser. According to the report, the email sender’s domain comes from “mailman.cbddmo.ru.” This is linked to a “Center For Road Safety of the Moscow Region” page. The hackers may have used an old version of the domain to bypass email authentication checks.
The email phishing campaign targeted organizations across healthcare, education, and retail sectors, attacking around 27,660 customers across Office 365 and Google Workspace. The threat actors used multiple techniques to sneak past security, such as exploiting a legitimate domain, brand impersonation, and social engineering.
“The context for the email attack replicates workflows that already exist in our daily work lives (getting email notifications of a voicemail),” said Armorblox’s Lauryn Cash. “When we see emails we’ve already seen before, our brains tend to employ System 1 thinking and take quick action. The email content even had every victim’s first name filled in to increase the feeling of legitimacy and the chances of follow-through.”
Despite Microsoft’s and Google’s security measures, it’s a good idea to keep an eye on suspicious emails. WhatsApp never sends notification emails, which is already a red flag in this phishing attempt. To prevent these attacks from happening or stop threat actors in their track, using multi-factor authentication, the best password managers, and the best antivirus apps will boost your security while online. Speaking of which, six ‘antivirus’ apps were caught spreading malware that steals banking info and you can check out the culprits.
