Simple yet malicious, this WhatsApp hack might be recently reported but the modus operandi is not entirely new and there still may be a way to prevent such attacks altogether. At least three people from Hyderabad over the past week have been a victim of a form of social engineering hack where malicious actors get unauthorised access to a person’s WhatsApp account. Hyderabad Cyber Crime Police Station station house officer KVM Prasad described this attack while talking to a local Telugu news channel V6. This is how it works — The malicious actor signs up on WhatsApp using the victim’s number and then calls them to convince them to give the OTP. Once the OTP is given, the actor logs in to the person’s account and enables two-factor authentication. This locks out the owner of the account If there are chat backups, the hacker will now have access to it The malicious actor then identifies people with whom the person has had the most number of conversations and sends them a malware link By clicking on the link, that person’s phone gets infected The actor also sends messages to the person’s friends asking for money. The recipients fall for it thinking that their friend is messaging them. https://twitter.com/EOWCyberabad/status/1427973773844639745?s=19 “In the last few days alone we have received three cases. Even if its from your friend, don’t click on unknown links on WhatsApp,” Prasad told NTV. We have reached out to Prasad with our queries and will update the post when…
