A new danger has reached WhatsApp users: the Internet Security Office of Spain (OSI), together with the Civil Guard and ESET, a leading security detection company, has identified a scam that impersonates the messaging service in order to deliver the Grandoreiro banking Trojan. What is it about? We explain below.
Grandoreiro is a new form of theft. It arrives by email as an official communication from WhatsApp inviting people to download a backup of their conversations and call history, but what is actually downloaded is a compressed ZIP file that contains the malicious software; when it is opened, the cell phone is totally infected with the banking Trojan.
According to ESET's detailed analysis, this banking Trojan has been present in countries such as Brazil, Spain, Mexico and Peru since 2020, and it appeared under the theme of COVID-19 to deceive citizens, impersonating the tax agency.
How does the Grandoreiro banking Trojan work on my cell phone?
Once it has infected the victim's computer, the main objective of the Grandoreiro banking Trojan is to steal banking credentials using fake pop-ups that make the victim believe they are on the bank's official site.
It also has backdoor functionality that allows the attacker to perform other malicious actions on the compromised computer, such as recording keystrokes (keylogging), simulating mouse and keyboard actions, logging the victim off, blocking access to certain sites, or even restarting the computer, to name a few of its capabilities.
What do I do if I received the email from WhatsApp?
- If you received the email with the virus, all you need to do is delete it to end the threat.
- If you opened it and only downloaded the ZIP file, you are not in danger; it is enough to delete the file from your cell phone and the message from your email.
- If you decompressed the ZIP file but did not open the .msi file it contains, you are still safe; as with the other cases, deleting it is enough to remove the risk.
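
For administrators who want to check an attachment like the one described above before a user opens it, the following added example (not part of the original article) lists the members of a ZIP in memory and flags anything that looks like a Windows Installer package, by extension or by file header. The file names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# OLE2 compound-file signature. Windows Installer (.msi) packages use this
# container; so do legacy Office files, so a header-only match is a hint.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
INSTALLER_EXTS = (".msi",)

def find_installers(zip_bytes):
    """Return [(member_name, reason)] for entries that look like installers.

    Only the first bytes of each member are read, in memory; nothing is
    written to disk or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.filename.lower().endswith(INSTALLER_EXTS):
                reasons.append("extension")
            # Bit 0 of the flags marks an encrypted member; its header
            # cannot be read without the password, so skip the magic check.
            if not info.flag_bits & 0x1:
                with zf.open(info) as fh:
                    if fh.read(len(OLE2_MAGIC)) == OLE2_MAGIC:
                        reasons.append("ole2-header")
            if reasons:
                findings.append((info.filename, "+".join(reasons)))
    return findings

def build_sample():
    """Constructed test archive with harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("backup/readme.txt", "constructed sample")
        zf.writestr("backup/WhatsApp_backup.msi", OLE2_MAGIC + b"\x00" * 32)
        # Same header under a misleading extension (renamed installer case).
        zf.writestr("backup/history.dat", OLE2_MAGIC + b"\x00" * 32)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_installers(build_sample()):
        print(f"flagged: {name} ({reason})")
```
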