IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers are using fake messages to break into WhatsApp accounts

Hackers are posing as friends to gain users' trust

WhatsApp chat on a smartphone screen

WhatsApp users have been warned of a scam that involves a hard-to-spot malicious message that appears to come from someone on your contact list. 

The scam works when hackers send a user a code via text on their smartphone, followed by a WhatsApp message from someone on their contact list. When the “friend” asks the recipient to share the code, the hacker can easily access their WhatsApp account.

Researchers observed similar attacks earlier this year, but it seems users are once more in hackers’ sights.

Burak Agca, a security engineer at Lookout, told ITPro the incident reflects how easy it is for attackers to acquire users' first factor of authentication, username, and password. 

“Messaging apps present a number of challenges to individuals and corporate data security. The rise of significant data breaches across high profile organizations is providing threat actors with vast pools of user accounts to exploit via phishing attacks on messaging apps using those stolen credentials,” Agca said. 

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

“Added to that, we see seismic events like the pandemic driving mobile device usage, and high-profile incidents such as the personal information of members of Parliament from the UK Conservative party app in recent years, further exacerbating the issue.”

Agca added that iOS and Android devices had harbored a significant security gap recently, creating a lack of protection from exposure to malicious links across emails, web pages, apps, SMS, and WhatsApp.

“That gap led to a proliferation of 'surveillanceware' delivered via exploitation of messaging server infrastructure, chained with mobile app and operating system vulnerabilities, resulting in a catastrophic failure in the onboard security measures in place. On average, 40% of versions of WhatsApp used by enterprises are vulnerable. That represents a significant gap in mobile security where patch management solutions focused on mobile devices are not in place,” said Agca.

The news comes as Check Point researchers warned of a new type of malware in the Google Play store that can automatically reply to all incoming WhatsApp messages with messages containing malicious links or text.

By replying to incoming WhatsApp messages with a payload from a command-and-control (C&C) server, a hacker could distribute phishing attacks, spread further malware, spread false information, or steal credentials and data from users’ WhatsApp accounts and conversations.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Meta launches free WhatsApp Cloud API
cloud management

Meta launches free WhatsApp Cloud API

20 May 2022
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022