
CTM360 has identified a rapidly expanding WhatsApp account hacking campaign targeting users around the world through a network of fake authentication portals and spoof pages. The campaign, known internally as HackOnChat, exploits WhatsApp’s familiar web interface and uses social engineering tactics to trick users into compromising their accounts.
Researchers identified thousands of malicious URLs hosted on inexpensive top-level domains and quickly generated through modern website building platforms. This allows attackers to deploy new pages at scale. Campaign activity logs show hundreds of incidents in recent weeks, with notable increases across the Middle East and Asia.
Read the full report here: https://www.ctm360.com/reports/hackonchat-unmasking-the-whatsapp-hacking-scam
Hacking activities and exploitation techniques
Two techniques dominate these hacking activities: session hijacking, where an attacker exploits the linked device functionality to hijack an active WhatsApp web session, and account takeover, where an attacker tricks the victim into handing over the authentication key, giving the attacker full control of the account. Attackers push these links using fake security alerts, WhatsApp Web-like portals, and spoofed group invitation message templates. These sites are further optimized for global reach, with multilingual support and a country code selector to adapt the interface to users in multiple regions.
Once scammers gain control of a WhatsApp account, they exploit it to target the victim’s contacts, often posing as trusted sources and demanding money or sensitive information. They can also scrutinize messages, media, and documents to steal personal or financial data, which can be used for fraud, impersonation, and extortion. These attacks are often amplified by phishing messages sent to the victim’s contacts from the compromised account, creating a series of attacks that spread the scam.
HackOnChat shows that social engineering remains one of the most scalable attack vectors today. This is especially true when attackers exploit trusted, familiar interfaces and the human trust built around them.
Read the full report here and explore all of CTM360’s latest insights and threat intelligence.
For more information, please visit www.ctm360.com.
