Check Point warns that this new technique targets users who change cell phones and transfer their data from one device to another.
A new type of cyberattack detected in recent weeks steals victims' WhatsApp accounts by exploiting the trust they place in their contacts, according to the cybersecurity company Check Point.
When a user changes phones and wants to transfer their WhatsApp account, the company sends an SMS authentication code to the old phone number so that they can enter it on the new one.
This process allows you to change the WhatsApp application from one number to another. However, it is also the cybercriminal’s gateway to the victim’s account. “The first thing to know about this cyberattack is that the main asset for the offender is to take advantage of the victim’s trust,” says Check Point’s technical director for Spain and Portugal, Eusebio Nieva.
“It is for this reason that the way to carry out this attack is based on the fact that, previously, this cybercriminal has managed to attack one of the contacts of the victim in question and steal all the phone numbers he had,” he adds.
In this way, the attacker obtains the number that the victim uses for WhatsApp and requests the SMS authentication code for it. Then, posing as a known contact, the attacker writes to the victim asking for the code, claiming that it was sent to them by mistake.
“The essential thing for this attack is that the victim trusts the number that is speaking to him because, since he knows him, he trusts him. Simple, but effective,” emphasizes the manager.
The theft of a WhatsApp account opens the door to other attacks, for example against the contacts in the victim's phonebook. The attacker can send an SMS with a link that redirects to a site hosting malware, or send a WhatsApp message such as “look how interesting, download it”, also with a malicious link.
It can also lead to infection of the mobile device, giving the attacker access to different applications and to the victim's movements, or to the installation of a banking Trojan that steals bank details for financial gain.
Recovering the account is not easy. “The only way would be by talking to WhatsApp to inform them of the theft of the account and for them to automatically cancel that account with that phone number,” explains the manager. In addition, it would be necessary to report what happened to the competent authorities so that they can monitor the phone and “check all possible communications that it has had with other users to minimize the victims.”
To protect against this type of attack, “the most important thing is that when a person receives an SMS they read it carefully,” says Nieva. “It is essential to bear in mind that you must be very careful with the codes that are sent and know that you never have to send a code that you receive to anyone, whatever they tell you or whoever is requesting it,” he concludes.