Online Advisories & Alerts

June 24th, CERTVU received multiple reports on a specific message targeting WhatsApp users in Vanuatu. The attacker takes advantage of compromised WhatsApp accounts and uses them to disseminate mass messages to multiple WhatsApp users across the country. Mimicking it, as Vodafone wanting to reward all its old customers. The message contains a malicious link, which the attacker is inviting those interested in the offer to click on to continue the process of receiving their reward.

Below is what the message looks like.

All internet users who are using WhatsApp for communication, and specifically, Vodafone customers.

CERT Vanuatu has conducted its investigation and analysis on the message and the link attached to it. We confirm that the message is not from Vodafone, and it is a targeted phishing attack with the intention of a greater attack.

On our investigation,

• We identified and confirmed that the message is not from Vodafone, as it appears to be.
• We also identified that the URL link within the message is not to the Vodafone website but to another malicious website. With a potential Malware payload to gain access to the victim’s device for a more advanced attack. Please see figure below.
• Internet users clicking the link provided in the message are only allowing the attacker to gain access and to exploit and infect their devices and steal their personal information.

• Please do not click on the link, and do not share the message with those on your contact list.
• If you have clicked on the attached link in the message, please have your phone scan for a possible malware infection.
• Reset your passwords to all your online subscriptions, including your online Banking subscription.
• Contact CERTVU if you need further assistance