Viber & WhatsApp ‘Left The Group’ Message Spam
Is fearr cosaint cliste ná ‘spam’ bhriste
The use of over-the-top (OTT) messaging services has grown exponentially over the past few years. New data from mobile research specialists, Juniper Research, has found that the overall messaging market will fall in value by $600 million by 2019, while mobile and online messaging traffic will reach 160 trillion per annum by 2019, up from 94.2 trillion this year. Within Ireland alone, over 43% of smartphone owners use OTT applications to connect with friends and family – including Skype, WhatsApp, Viber and Facebook Messenger. Yet while this growth is significant, with it comes an increase in reported cases of spam messages.
In January we reported on WhatsApp spam being received by Irish and UK subscribers in a wave of attacks. The type of spam in itself was not unique, but the very fact that there was WhatsApp spam demonstrated a shift in the way spammers are planning their attacks. With analysts predicting the decline in SMS revenues and a forecasted doubling of messaging traffic by 2019 (primarily in OTT messaging applications), it is evident spammers need to find new targets.
Since then, we’ve detected an increase in spam messages over the various OTT applications. Late last week we noticed an increase in spam messages again targeting users over WhatsApp; and, while this latest wave of WhatsApp spam attacks is new, the technique spammers are using is not.
As is obvious from these screenshots, the spammers are using group targeting to gain access to as many contacts as possible.
Spammers create a group, add a selection of sequential numbers to the group in an attempt to hit as many WhatsApp users as possible, and then delete the group – making contact blocking irrelevant. This is a new type of attack, though the originating numbers are from countries we’ve seen time and time again – China, India and US VoIP.
In addition to the recorded instances of WhatsApp spam worldwide, we’ve also detected an increase in Viber spam across Irish OTT users.
Though not a first for either WhatsApp or Viber, this spam is noteworthy in that it’s written in the Irish language.
The first recorded, wide-scale SMS spam in Irish was detected in late 2012 / early 2013 with a standard Apple spam message, but since then known cases have been very rare. Reported widely throughout Twitter and Facebook, this is an example of the Irish language spam messages Irish users have been receiving.
With known cases of this specific spam message in Asia and the US, this messaging abuse attack from hackers has navigated its way across the pond to Ireland. The spammers are moving quickly, though their methods of localising the language is neither unique nor effective. The Irish is very basic and is a direct translation using Google Translate.
We’ve witnessed the development of OTT messaging apps becoming a more and more attractive way for established messaging criminal groups to ‘cross-over’. Spam attack tactics are being recycled through familiar spam groups in China, India and US VoIP. While the messaging systems are working to build security protocols against these attacks, the important thing is to be aware of these attacks. The tactics are not unique, but they are damaging. Remember that you should not click on any unknown or unfamiliar link and report the incidents to the respective messaging application. In many cases, reporting to the targeted brand (i.e. Ray Ban) is also effective as they’ll work with the suppliers to eliminate these issues.
Thanks to Cathal Mc Daid, Yicheng Zhou and Barry Scallan for their contribution.