New hoax with WhatsApp: they offer 50GB of free internet for the supposed anniversary of the Meta app

WhatsApp is one of the most used messaging services in the world and, therefore, it is a very attractive hook that cyberattackers seek to exploit to orchestrate deception.

On this occasion, a new malicious campaign was identified in that application: it seeks to make users believe that WhatsApp celebrates its anniversary and gives away 50GB with mobile data to surf the Internet, but it is all a hoax, according to the cybersecurity company Eset.

Victims not only fail to obtain the promised data but they end up providing attackers with their phone number and are redirected to other sites that seek to install adware on their devices.

The message includes a link that leads to a page that, as seen in the shared images, has nothing to do with the official website of the messaging app, although it does use the name to give it a legitimate appearance.

To add another layer of “truth”, the site includes fake comments from other users who claim to have won the promised prize. This is a technique widely used in this type of fraudulent scheme.

If the user goes ahead and clicks the button indicated on the page, a field will appear where they will be asked to enter the phone number to verify if they are eligible to access the alleged benefit of the 50GB.

Once the victim enters their number and presses “send”, no matter what number they have placed, a message will appear asking to share the benefit with 12 WhatsApp contacts or groups. Always with the false promise that after sharing the message the 50GB will be credited to your line.

The system then requests another step to access the alleged benefit. It is also clarified that if you go ahead you will get not only the 50GB but other additional prizes.

If the user falls into the trap and clicks, he will be redirected to other pages that ultimately recommend the installation of different extensions for the browser whose reputation is unknown.

On the other hand, it should be noted that it is not known for certain that the extension mentioned is the one that will finally be downloaded, since it is not the official repository of extensions for Google Chrome. These extensions are actually adware; that is, malicious programs that display unwanted advertising on the user's computer.

In addition to extensions of dubious reputation, other pages appear in the process of redirecting this campaign. One of them opens a notification in the browser requesting permissions to verify that it is not a robot. If the user grants permissions, browser notifications will be triggered and unwanted advertising will begin to be displayed on the computer, warning, for example, that the user must install a security solution because malicious code has been detected on the computer.

The purpose of these ads is for the victim to download additional software that could even download malware onto the computer. As you can see, this is a deception of different levels. The level of inconvenience that the user will experience depends on how far they continue to click.

“The circulation through WhatsApp of this type of fraud referring to the anniversary of a well-known brand is very common. Over the last few years we have reported a large number of similar campaigns in which they pretend to be big companies to offer supposed gifts on the occasion of the supposed anniversary celebration. However, they are frauds that seek to attract users with benefits that are generally too good to be true,” said Camilo Gutiérrez Amaya, Head of the Research Laboratory of Eset Latin America, in the statement released by the entity.

Recommendations

1. Be wary of all kinds of profit promises that require clicking on a link, entering data on a page where the link redirects or downloading attachments.

2. Keep the device always up to date because with each update comes security patches that protect against identified and reported vulnerabilities.

3. Do not circulate messages that arrive on different messaging platforms if the content was not verified to be true

4. In the case of offers and benefits, always check with the company in question to see if it is something genuine or not

5. Use different passwords for all accounts and enable the second factor of authentication.

6. Have a security solution that works as an additional barrier

7. Download apps only from official stores such as Google Play or Apple Store.

KEEP READING: