A new virtual scam that runs through WhatsApp puts at risk the contacts of users of this instant messaging service.
Users are being sent malicious links that, when clicked, connect the mobile to a server and give scammers access to the user’s contact list, as revealed by cybersecurity researcher Daniel. In the process they rob victims of their telephone contacts, as well as files and bank details.
The malicious server receives the “name” values from the GET request and stores them in a text file. Then, the scammers send WhatsApp chat a link where they put in the variable the phone number of a person chosen at random.
If the user clicks on the link, the “name” is replaced again, now by the name of the contact. This information is sent automatically by WhatsApp to the infected server. If the link carries the name of the hacked user, the server sends the nickname that the person used to register for the service. If the hyperlink contains the number of another contact, then the server receives the nickname of that person.