Viber & WhatsApp ‘Left The Group’ Message Spam

Is fearr cosaint cliste ná ‘spam’ bhriste

The use of over-the-top (OTT) messaging services has grown exponentially over the past few years. New data from mobile research specialists, Juniper Research, has found that the overall messaging market will fall in value by $600 million by 2019, while mobile and online messaging traffic will reach 160 trillion per annum by 2019, up from 94.2 trillion this year. Within Ireland alone, over 43% of smartphone owners use OTT applications to connect with friends and family – including Skype, WhatsApp, Viber and Facebook Messenger. Yet while this growth is significant, with it comes an increase in reported cases of spam messages.

In January we reported on WhatsApp spam being received by Irish and UK subscribers in a wave of attacks. The type of spam in itself was not unique, but the very fact that there was WhatsApp spam demonstrated a shift in the way spammers are planning their attacks. With analysts predicting the decline in SMS revenues and a forecasted doubling of messaging traffic by 2019 (primarily in OTT messaging applications), it is evident spammers need to find new targets.

Since then, we’ve detected an increase in spam messages over the various OTT applications. Late last week we noticed an increase in spam messages again targeting users over WhatsApp; and, while this latest wave of WhatsApp spam attacks is new, the technique spammers are using is not.

As is obvious from these screenshots, the spammers are using group targeting to gain access to as many contacts as possible.

Example of WhatsApp spam message offering the recipient the opportunity to earn more income Example of a spam SMS message referencing President Trump

Spammers create a group, add a selection of sequential numbers to the group in an attempt to hit as many WhatsApp users as possible, and then delete the group – making contact blocking irrelevant. This is a new type of attack, though the originating numbers are from countries we’ve seen time and time again – China, India and US VoIP.

In addition to the recorded instances of WhatsApp spam worldwide, we’ve also detected an increase in Viber spam across Irish OTT users.

Screenshot of multiple Twitter users complaining about spam messages received on Viber

Though not a first for either WhatsApp or Viber, this spam is noteworthy in that it’s written in the Irish language.

The first recorded, wide-scale SMS spam in Irish was detected in late 2012 / early 2013 with a standard Apple spam message, but since then known cases have been very rare. Reported widely throughout Twitter and Facebook, this is an example of the Irish language spam messages Irish users have been receiving.

web page of a loan scam feauturing a man pointing, where the user is asked to input mobile number and last 4 digits of SSN

With known cases of this specific spam message in Asia and the US, this messaging abuse attack from hackers has navigated its way across the pond to Ireland. The spammers are moving quickly, though their methods of localising the language is neither unique nor effective. The Irish is very basic and is a direct translation using Google Translate.

We’ve witnessed the development of OTT messaging apps becoming a more and more attractive way for established messaging criminal groups to ‘cross-over’. Spam attack tactics are being recycled through familiar spam groups in China, India and US VoIP. While the messaging systems are working to build security protocols against these attacks, the important thing is to be aware of these attacks. The tactics are not unique, but they are damaging. Remember that you should not click on any unknown or unfamiliar link and report the incidents to the respective messaging application. In many cases, reporting to the targeted brand (i.e. Ray Ban) is also effective as they’ll work with the suppliers to eliminate these issues.

Twitter communication between Ray-Ban and a user regarding a fake Ray-ban account selling sunglasses cheaply

Thanks to Cathal Mc Daid, Yicheng Zhou and Barry Scallan for their contribution.

Related insights

Globe with multiple screens displaying images and trends

Enea Retrospective: What Did We Get Right in Our 2023 Trends Report?

Read more

Tags: Cybersecurity, IoT, MNO, Mobile Security

Mobile Survey Identifies Global Security Gaps as Networks Converge

Mobile Survey Identifies Global Security Gaps as Networks Converge

Read more

Tags: Cybersecurity, Mobile Security, Network Security, Security

Two-Thirds of Enterprises Endure Significant Losses to Mobile Fraud in 2024

Read more

Tags: Cybersecurity, MNO, Mobile Security, MVNO


Enea’s Blog Detailing Methods of Tracking Mobile Devices in Modern Warfare Featured in COTS Journal

Read more

Tags: Cybersecurity, Mobile Security, Mobile Surveillance

Help Net Security logo

Vishing, Smishing and Phishing Attacks skyrocket 1,265% post Chat-GPT

Read more

Tags: Cybersecurity, MNO, Mobile Security, SMS