Another phishing attack on WhatsApp users.

A nasty malware has been spreading among WhatsApp users in Singapore over the past few days. It masks itself as a bitly link to a 7-Eleven voucher, and when you click on the link, it sends you to a spoofed page which appears to be harmless. In actual fact, your device has already been infected with the malware. It’s then likely to be spamming your contacts with the fake 7-Eleven bitly link.

Once your device gets infected, the malware will most likely piggyback on your network to spam your contacts, and it could be hard to remove the malware from your phone.

You’ll never know what the malware might be doing behind your back. For all you know, it could be downloading all your photos, emails and passwords and storing it somewhere else.

Network-based security solutions from legacy security companies won’t do anything to protect users from this form of attack. Nor can anti-virus software apps stop this form of attack.

WhatsApp should integrate either the MetaCert Security API or Google Safe Browsing API to help protect users by checking the validity and categorization of links before permitting them to load inside the app or native browser. Naturally I recommend MetaCert on the basis that our API is easier to implement, faster and would allow WhatsApp to block malicious ads and not just phishing and malware attacks.