WhatsApp is one of the widely used messaging platform in the recent days having both mobile and desktop app versions. Its been normal to see spam voicemail messages from spammers which goes directly to spam folder. However some do escape the spam folder very easily and ends up in users hands. The fate of the spam is decided by the user.
The recent ones have been very sophisticated where the users typically is asked to download a file to view the message or message asks to open a zipped file. As per one of the post on SANS, the author describes a sophisticated spam where the user location is used to downloaded the message and its name. This shows the level of sophistication
Here is an interesting lines from Johannes post on SANS
“the part that I thought was the most interesting was the executable you are offered as you download the emails. The downloaded file is a ZIP file, and the file name of the included executable is adjusted to show a phone number that matches the location of the IP address from which the e-mail is downloaded from.
Downloading the message from my home in Jacksonville, I get: VoiceMail_Jacksonville_(904)458abcd.exe . On the other hand, downloading it from a server whose IP’s geolocation commonly shows up in Wayne PA , the file name changes to VoiceMail_Wayne_(610)458abcd.exe. I obfuscated the last four digits of the phone number, but the last four digits appear random.”
Pic source : isc2.sans.edu
