The trojan horse in Spain is nothing but a pain

WhatsApp backup messages actually point to malware downloads, Spaniards warned

Spanish authorities are warning of a phishing campaign that impersonates messaging service WhatsApp in an attempt to trick recipients into downloading a trojan.

Recipients are being urged to download copies of conversations and call histories from a location that offers only the NoPiques malware.

The NoPiques (“Do not chop”) trojan comes bundle in a .zip archive which, if opened and run on a vulnerable device, results in infection.

Believable phishing campaign

Dangerous emails typically come with the Spanish language subject line ‘Copia de seguridad de mensajes de WhatsApp *913071605 Nº (xxxxx)’, although this can vary.

Messages are written in grammatically correct Spanish, or at least with few errors – unlike many malware-peddling phishing messages in English and other languages.

The warning about the malware campaign comes from Oficina de Seguridad del Internauta (OSI) of the Spanish National Cybersecurity Institute (INCIBE).

The alert was promoted on social media by the Guardia Civil policing agency.

Read more about the latest phishing and social engineering attacks

The Daily Swig asked OSI to estimate the possible number of victims caught out by the scam. No word back as yet, but we’ll update this story as and when more information comes to hand.

The latest attack follows a similar campaign that OSI warned about in March 2021.

The previous scam posed as messages from either WeTransfer, WhatsApp, Vodafone, the Spanish Ministry of Labor, or the Ministry of the Interior, but actually contained links that downloaded an (unnamed) trojan onto users’ devices.

OSI has published a YouTube video (see below) offering advice on how to spot scam phishing messages that pose as communiques from trusted organization, such as government agencies and internet services firms.

YOU MIGHT ALSO LIKE Netgear fixes RCE flaw in routers’ parental controls feature