14 DAY TRIAL // A short link delivered in a spam message enjoyed significant popularity among users in Finland, recording more than 21,000 clicks in about 18 hours.
Written in Finnish, the fake message informed the recipient that they supposedly won a raffle that offered Samsung Galaxy Pro devices as prizes, and it was sent via the WhatsApp messaging service.
Using WhatsApp for spam distribution is not a new tactic, as the service has been abused in the past by cybercriminals to promote counterfeit products to users in Europe.
Prize redeeming location points to the middle of nowhere
Two samples of the Samsung Galaxy Pro spam were received by a senior security researcher at F-Secure company in Finland, who analyzed them and noticed the high number of potential victims.
F-Secure researcher Sean Sullivan says that after congratulating the recipient for winning the Samsung device, another message came in, disclosing the location for picking up the gadget.
However, the map indicated a place in the middle of a golf course in central Finland, and the number of the sender revealed the country code for China, the researcher says.
Number of potential victims is incredible
After opening the profile picture with WhatsApp and tracking the website it was taken from, the researcher launched the link to the map in multiple mobile operating systems. On Android, the URL opened in Chrome and followed a short link to “lotto24[.]fi.”
The malicious string was created via Google’s URL shortening service, which allows tracking the number of times users click on it. Sullivan says that more than 22,000 users from Finland have already accessed the alleged prize-redeeming link.
From the metrics provided by Google, it appears that almost all the users clicking the URL are from Finland and they use an Android mobile device.
The general recommendation for unsolicited messages received via WhatsApp, as is the case with other forms of modern communication, is not to follow any of the links provided, as they are most of the times part of a scam; they could lead to online locations serving platform-specific malware, or to phishing pages.