ESET lab confirmed that he has received several reports about the message that comes through WhatsApp inviting new colors access to social networks with one click. Security companies are looking at what is behind this deceit, which seeks to fill mobile advertising.
As often happens in such companies, the reference reacts differently when you click from a mobile phone or a web application WhatsApp.
In the case of access to the computer network via WhatsApp, which invites the user to install the extension Google Chrome, which is called Black Theme for Whatsapp, which will change the application to a darker color. It was also noted that the message of the Portuguese language, in contrast to the original message in Spanish, which can be a sign that the company initially sought victims in Brazil and only worked to translate some of the key messages.
This extension can be found in the Chrome Web Store, and represents a significant number of downloads; which gives an idea of the scale of the company.
In the case where the unsuspecting user to install the extension and open your WhatsApp web session automatically send a message to the entire list of active chats inviting color change applications.
In addition to the & # 39 are messages in different languages to send in an application to the various components that make up the message, including the image. They are also a variety of URL-addresses, which may be associated with the message that builds randomly, as the messages are sent.
Even if the user determines that there is, and closes the browser window, the action does not stop, because the phone itself, which sends messages.
This particular functionality shows the strategy used by hackers to spread quickly and effectively these companies and get more coverage. Posts assumption for all your contacts, if the message is deliberately not share.
On the other hand, with the & # 39 is a message prompting the user to share the app with friends 30 or 10 groups to achieve the possibility of changing the color, if you open a link in a conventional manner from the cell.
Similarly, although not shared between contacts and want to move forward, the application requests to download APK best_video.apk call and activate the notification from the server located in Russia. If a potential victim let it all happen, the cell phone will be infected with Trojan something & # 39; it, advertising is distributed among Android users.
The application is installed on the device, but does not leave any traces of the installation, since the icon is hidden and only activated if the user starts to navigate the user to reflect the advertising banners related to various legal advertising services; but the user is not clear what resources are being used for such action.
"If the protection against these types of threats that use social engineering strategies that seek to entice a user to open a link with an attractive promise involved, as in this case, personalize WhatsApp, who always remember, this room will never have access to links that come us for any digital media, even if we get through a known contact. "Said Camilla Gut & # 39; ERES, Head of Research Laboratory of ESET Latin America.
In these cases, the first thing you should do is to check the accuracy of the connection, for example, to consult with the contact who sent the message, in this case the color change WhatsApp-, when in fact this is what consciously or divided it has become a victim of fraud and he sent the unintended spread. In addition, you must have a security solution installed on your phone to make trouble in the presence of links or downloading potentially harmful content.