While viruses have traditionally been sent by email, currently the popularity of WhatsApp has caused many hackers to try to send viruses or false links to try to hack us. The latest of these viruses (or more correctly “attacks”) has started to be seen in Navarra as the Autonomous Police of Navarra have alerted the public, and it comes by way of your contacts.
A year ago there was a similar virus that tried to gain access to your contact list, and normally came from an unknown number, which put the users on alert. However, the current attack uses a known contact, which could be your mother, your father or a friend.
The first confirmed person affected is a young woman from Santacara, who went on Saturday to tell authorities that her mobile had been hacked in this way. She received the message from her cousin, in which she asked her for help, saying that she needed her to resend her an SMS, and later she lost control of WhatsApp. Her cousin revealed later that she had not sent her any message.
The Autonomous Police have described how this method works, which is more social engineering than a virus. To begin, the attacker installs WhatsApp on a virtual machine. When he tries to access the app he uses your telephone number. Once WhatsApp sends the access SMS to your phone, the attackers try to get you to resend it using the WhatsApp of someone you know which has already been hacked, falsely asking for help.
If you resend the verification code to the attackers, they can put double verification on the application and keep you from being able to use the app on your phone. From there, the hackers contact you so that you will give them money in exchange for the six-digit PIN number in order to be able to keep using WhatsApp on your phone.
Obviously, in no case should you pay the attackers, and the best thing is to contact WhatsApp’s technical service department to ask for help. Another alternative is to change your phone number, which some users have found themselves needing to do.
Therefore, the clearest recommendation in this case is to not re-send any SMS, code or number to anyone. Two step verification was introduced by the company a year ago, in an attempt to fight against hacking that was being done by cloning SIM cards. However, this method has now introduced an even worse problem, and one which can leave many inexperienced users without WhatsApp.