Attackers are sending e-mails to distribute malware when the user clicks the message.
By inspecting the address sending the emails, recipients can see WhatsApp is not real the sender. Every subject line ends with random characters such as “Ydpda” and “xgod.” The random characters are likely used to encode data and identify the recipient.
The attachment has a compressed file holding the executable malware. It is a “Nivdort” family variant. It typically replicates itself into different system folders and adds into an “auto-run” in the registry of the computer.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now