
Title: WhatsApp Warning: Link Hijackers Exploit Vulnerability

WhatsApp users, beware! Recent alerts have been issued due to crafty attackers exploiting an innovative broken link technique. Here's a breakdown of the situation:

WhatsApp's icon notably graces the screen of a smartphone, accompanied by a suggestive finger.

It's been quite an intriguing year in the world of cybercrimes, with phishing tactics evolving at a rapid pace. Hackers and fraudsters are continually searching for methods to compromise various accounts. From employing invisible images in emails, to targeting Google Ads users with a relentless hacking attack, and even launching a phishing-free phishing attack against PayPal users, the list goes on. Recently, WhatsApp users have found themselves in the crosshairs of cyber threats. Both Microsoft and Malwarebytes have issued warnings about a WhatsApp broken link threat that's currently in circulation. Let's delve deeper into this threat and understand its implications.

A Russian hacking group, Star Blizzard, has reportedly been targeting WhatsApp accounts for compromise. This is a shift in strategy for Star Blizzard, according to Microsoft Threat Intelligence, as they've generally stuck to their well-established tactics. However, this change is a cause for concern in itself. To complicate matters, Star Blizzard has adopted a novel approach: a broken-link QR code attack.

In this scheme, phishing emails are sent to high-value targets, containing QR codes supposedly leading to a WhatsApp group invitation. But, unlike most phishing lures, these QR codes do not redirect the victim to a malicious website or the intended WhatsApp group. Instead, as Malwarebytes malware intelligence researcher Pieter Arntz explained, the link within the QR code is intentionally broken. The goal is to entice the victim to comment about the broken link. This then provides Star Blizzard with an opportunity to send another link, disguised using link-shortening services, to a site containing yet another QR code. If the victim scans that code, they unknowingly link another device to their WhatsApp account, and that device is under the control of the attackers.

Microsoft Threat Intelligence's recommendations focus mainly on its own users, but Malwarebytes' report offers broader advice:

  1. Hover Before You Click: Exercise caution and always hover over a link before clicking it. This provides you with a glimpse of the URL, ensuring it's legitimate.
  2. Analyze Shortened URLs: Be wary of URLs that have been shortened. Pause to think about the reason behind the shortening. If there's doubt, use a URL expander to unshorten the link and verify its destination.
  3. Examine Device Prompts: Pay close attention to the prompts displayed on your device when you follow instructions on a website. Ensure they align with what you expect from WhatsApp.
  4. Verify Sender Authenticity: Cross-check the sender's identity through an alternative communication channel before acting upon their request. This may involve contacting someone through email or a direct message.
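
The second check above can be automated for the text decoded from a QR code that claims to be a WhatsApp group invitation. The following is an added example, not code from Microsoft or Malwarebytes; it assumes genuine invites use the host `chat.whatsapp.com`, and the shortener list and sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the host that genuine WhatsApp group-invite links use.
INVITE_HOST = "chat.whatsapp.com"
# Assumption: small illustrative set of shortener hosts (none are named on this page).
SHORTENERS = {"bit.ly", "t.ly", "tinyurl.com", "is.gd", "rb.gy"}


def triage_qr_link(payload: str) -> str:
    """Classify text decoded from a QR code that claims to be a WhatsApp invite."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:                 # e.g. malformed bracketed host
        return "broken"
    if parts.scheme not in ("http", "https") or not host:
        return "broken"                # unusable link: verify the sender out of band
    if parts.username is not None:
        return "lookalike"             # text before '@' is not the destination
    if host in SHORTENERS:
        return "shortened"             # destination hidden: expand before opening
    if host == INVITE_HOST and parts.scheme == "https":
        return "whatsapp-invite"
    if "whatsapp" in host:
        return "lookalike"             # brand name present, but not the HTTPS invite host
    return "unrelated"


# Constructed sample payloads (documentation-only hosts and addresses).
SAMPLES = [
    "https://chat.whatsapp.com/AbCdEf123",
    "https:/chat.whatsapp.com/AbCdEf123",             # missing slash: no host parses
    "https://t.ly/abc123",
    "https://chat.whatsapp.com.invite-example.test/x",
    "https://chat.whatsapp.com@203.0.113.7/join",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{triage_qr_link(sample):16} {sample}")
```

A `broken` or `shortened` verdict is the cue to stop and confirm the sender through another channel rather than reply asking for a working link.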

As users prioritize protecting their WhatsApp accounts, they should adhere to the following steps to beat the Star Blizzard broken link threat and other phishing scams:

  1. Activate Two-Step Verification: Add an additional layer of security to your WhatsApp account by enabling two-step verification. This requires a PIN during registration, making it harder for attackers to gain unauthorized access.
  2. Beware of Links and Attachments: Exercise caution when clicking on links or downloading attachments from unknown sources. These are often used to spread malware or phishing scams.
  3. Verify Unforeseen Requests: Even if the message appears to be from a trusted source, double-check its authenticity using another communication method. Be vigilant, especially to requests involving QR codes or shortened links.
  4. Leverage Encryption Tools: Consider using advanced encryption tools like DataShielder NFC HSM or HSM PGP, which protect information even when an account is compromised. These tools employ robust encryption protocols and store encryption keys locally, warding off key extraction by attackers.
  5. Manage Privacy Settings: Customize privacy settings to control who can view your profile picture, status, and last seen information. Set these restrictions to "My Contacts" or "Nobody," minimizing the risk of unauthorized access.
  6. Keep Your App Updated: Ensure you are running the latest version of WhatsApp by periodically updating it. This provides you with the latest security patches and features, shielding against newly discovered vulnerabilities.
  7. Activate Screen Lock: Secure your WhatsApp account by enabling a screen lock, requiring Face ID, Touch ID, or a passcode to open the app.

By following these steps, users can significantly mitigate the chances of falling victim to the Star Blizzard broken link threat and other phishing scams targeting WhatsApp accounts.

  1. The WhatsApp broken link threat is a concern for users, with both Microsoft and Malwarebytes issuing warnings about Star Blizzard's QR code attack.
  2. In the broken link WhatsApp attack, Star Blizzard sends phishing emails containing QR codes that supposedly lead to WhatsApp group invitations.
  3. Star Blizzard intentionally breaks the link within the QR code so that victims comment about it, which gives the attackers an opening to send a shortened link to a site containing another QR code.
  4. To avoid falling prey to the broken link WhatsApp attack, users should hover over links before clicking, analyze shortened URLs, examine device prompts, and verify sender authenticity.
  5. Additionally, WhatsApp users can activate two-step verification, beware of links and attachments, verify unforeseen requests, leverage encryption tools, manage privacy settings, and keep their app updated to stay protected.
