NEWS FROM THE LAB - Tuesday, May 5, 2015

More than 22 Thousand Finns Clicked WhatsApp Spam Today Posted by Sean @ 13:43 GMT

Daavid, a senior researcher on our Threat Intelligence team, received two "Samsung Galaxy Pro" themed spam messages to his WhatsApp account this morning.

Onneksi olkoon!

"Onneksi olkoon! Olet voittanut Samsung Galaxy Pro Tableting." Which translates as: Congraulations! You've won a Samsung Galaxy Pro Tablet. The message includes a link with a location from where you can supposedly redeem your prize, the middle of a golf course in central Finland, Paltamo Golf.

WhatsApp Spam WhatsApp Spam

A somewhat funny coincidence; I enjoyed a very nice family lunch there last summer. I'm certain it doesn't have an +86 number. The +86 country code belongs to China. The 132 and 150 prefixes belong to two GSM based networks.

Using the info function of WhatsApp reveals a larger version of the profile picture.

WhatsApp Spam WhatsApp Spam

And that image appears to have been pulled from some "Lotto24" campaign.

Google results

On an iPhone, a map was opened, the same as what happened with Windows Phone.

But on an Android device, the map linked to Chrome which followed a Google short-link to lotto24.fi.

The short-link metrics reveal that more 22,000 people (and counting) have clicked on the spam's link, almost all are from Finland.

Google link analytics
(Click image to embiggen.)


Thanks to Daavid for the screenshots.

Post by — Sean