WhatsApp users have been left perplexed after being offered ‘WhatsApp Gold’, a supposed upgrade that was only for top celebrities previously.
The app offers a host of new features including sending over 100 pictures at once and free WhatsApp calls. Of course the app is in fact a cybercriminal production, that installs malware on the phone and siphons details such as location and personal activity. When you see what the app offers in it’s message, it’s plainly too good (and too badly written) to be true:
“Hey Finally Secret Whatsapp golden version has been leaked, This version is used only by big celebrities.Now we can use it too ,Whatsapp Gold Contains many advanced features like Whatsapp Video calling , Delete the messages you sent by mistake , Send more than 100 pics at once ,Free calling ,Change whatsapp themes and tons of great features.This whatsapp gold can be activated only Via invites and I am inviting you.Once you activate this whatsapp gold , your geen icon will change to gold and you can enjoy all features 100% safely.Activate whatsapp Gold with one click at [link removed]”
Yep, seems legit, right?
WhatsApp is taking the precaution of actively banning users whose phones have ‘WhatsApp Gold’ installed and is warning users the app can pass on personal information to third parties without the user’s consent. Similar scams have been around for a while, sometimes under the guise of WhatsApp Plus (an app the company has repeatedly issued statements saying it is not affiliated with).
Adam Vincent, CEO at ThreatConnect, told the Guru that “the general public needs to appreciate that criminals use social engineering, using tricks to get them to break security best practices, to their advantage at every opportunity. Social engineering can come in the form of pretending to be a loved one or your credit card company, or in this case, promising them an elite, secret status. To prevent from being trapped in one of these scams, consumers should know to do at least these three things:
- Never click on a link in a message from someone you don’t know. You definitely should only go to trusted sites like Play Store, App Store or the providers website.
- Do a quick Google search to check to see if the offer or email is real. When a scam is out there, you may be able to find out.
- Question everything. Criminals are very good at making messages look like they are from a real company, or even worse, a loved one. So, keep your eyes out for clues as to whether the message is trustworthy – typos, slightly different email addresses or website addresses, and unusual wording are all indicators that the message may be from a criminal.”
Paul Flethcher, Cber Security Evangelist at Alert Logic, added that “the best option is to perform a restore from the latest backup. If it’s been a while since a user’s last backup operation, this may cause some issues, but at least it will return their device to a known un-compromised state. If a normal restore is not an option, the next best course of action is to perform a factory default restore. This may take time to complete the restore and add back all their data and apps, but at least they remove this threat.”
Mark James, Security Specialist at ESET, said that to be extra safe, users need to “limit any financial or social networking activity on this device until you are completely confident your device is not compromised.”