A new type of cyber attack detected in recent weeks robs its victims of WhatsApp accounts, taking advantage of the trust they have in their contacts, as warned by the cybersecurity company Check Point.
When a user changes phones and wants to transfer their WhatsApp account, the technology company sends an SMS authentication to the old phone number so that they can enter it in the new one.
This process allows you to change the WhatsApp application from one number to another. However, it is also the cybercriminal’s gateway to the victim’s account. “The first thing to know about this cyber attack is that the main asset for the cybercriminal is to take advantage of the victim’s trust,” says Check Point’s technical director for Spain and Portugal, Eusebio Nieva.
“It is for this reason that the way to carry out this attack is based on the fact that, previously, this cybercriminal has managed to attack one of the contacts of the victim in question and steal all the phone numbers he had,” he adds.
In this way, he obtains the victim’s number, which he uses to write to WhatsApp and request the SMS code for authentication. Then, posing as a known contact, he writes to the victim requesting the code, claiming that they were wrong to send it to him.
“The essential thing for this cyberattack is that the victim trusts the number that is speaking to him, because when he meets him he trusts. Simple, but effective,” the manager underlines.
The theft of a WhatsApp account opens the door to other attacks, for example, against the contacts you have on your phonebook. Thus, you can send an SMS with a link that redirects to a site with ‘malware’ or send a message via WhatsApp of the type “look how interesting, download it”, also with a malicious link.
However, it can also lead to the infection of the mobile device to gain access to different applications and the victim’s movements or to introduce a banking Trojan to the device to steal the bank details and thus obtain a financial benefit.
Recovering the account is not easy. “The only way would be by talking to WhatsApp to inform them of the theft of the account and for them to automatically cancel that account with that phone number,” explains the manager. In addition, it would be necessary to report what happened to the Civil Guard or the National Police so that they can monitor the phone and “check all possible communications that it has had with other users and minimize the victims.”
To protect against this type of attack, “the most important thing is that when a person receives an SMS they read it carefully”, Nieva says. “It is essential to bear in mind that you must be very careful with the codes that are sent and know that you never have to send a code that you receive to anyone, whatever they tell you or whoever is requesting it” , concludes.
