Advisory 87: WhatsApp Targeted Phishing Attack to Vodafone customers
Release Date: 25th of June 2025
Impact : HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to Organizations who utilize the above products. This alert is intended to be understood by technical users and systems administrators.
What is it?
June 24th, CERTVU received multiple reports on a specific message targeting WhatsApp users in Vanuatu. The attacker takes advantage of compromised WhatsApp accounts and uses them to disseminate mass messages to multiple WhatsApp users across the country. Mimicking it, as Vodafone wanting to reward all its old customers. The message contains a malicious link, which the attacker is inviting those interested in the offer to click on to continue the process of receiving their reward.
Below is what the message looks like.
What are the Systems affected?
All internet users who are using WhatsApp for communication, and specifically, Vodafone customers.
What this means?
CERT Vanuatu has conducted its investigation and analysis on the message and the link attached to it. We confirm that the message is not from Vodafone, and it is a targeted phishing attack with the intention of a greater attack.
On our investigation,
- We identified and confirmed that the message is not from Vodafone, as it appears to be.
- We also identified that the URL link within the message is not to the Vodafone website but to another malicious website. With a potential Malware payload to gain access to the victim’s device for a more advanced attack. Please see figure below.
- Internet users clicking the link provided in the message are only allowing the attacker to gain access and to exploit and infect their devices and steal their personal information.
Mitigation process
- Please do not click on the link, and do not share the message with those on your contact list.
- If you have clicked on the attached link in the message, please have your phone scan for a possible malware infection.
- Reset your passwords to all your online subscriptions, including your online Banking subscription.
- Contact CERTVU if you need further assistance
- Download advisory (English): WhatsApp Targeted Phishing Attack to Vodafone customers