Media reports abound of WhatsApp users being targeted with invitations to download a ‘gold’ version of the app, which then infects a device with malware.
The app promises features such as video calling and the ability to send more than 100 pictures at a time. It claims it can only be downloaded via an invite, and entices users by claiming it is used “only by big celebrities”.
If the user makes the mistake of clicking on the invitation link, their device will be infected by malware, and hackers may be able to steal their data or track phone activity.
Reports say the ‘gold’ trick is similar to a previous scam, which prompted users to download ‘WhatsApp Plus’.
Giovanni Vigna, co-founder and CTO at security firm Lastline, said: “The problem with these types of scam is that they do not target the platform (that is, a vulnerability in the Android or iOS operating system), but, instead, they target the user.”
“As Google and Apple have deployed more secure phone operating systems and more strict checks in their markets, cybercriminals have moved to social engineering attacks of all kinds,” she explained.
According to Paul Fletcher, cyber security evangelist at cloud-security firm Alert Logic, users affected should perform a restore from their latest backup. If a normal restore is not an option, the next best course of action is to perform a factory default restore.
“Upgrading apps and operating systems are generally a good security practice, however we should all verify the update as legitimate before updating software. Also, it’s always a best practice to read what the updates include before completing the installation,” he advised.