Spammers Take A Liking to WhatsApp Mobile App

Researchers at AdaptiveMobile released a report demonstrating an increase in spam over the WhatsApp messaging app.

Spammers have settled in on the WhatsApp messaging platform with greater regularity, aided in one locale, by of all things, government regulations.

Researchers at AdaptiveMobile yesterday published a report that exposed a number of spam campaigns peddling phony handbags and sunglasses, investment scams, pornography, and more that are moving over the platform, sidestepping SMS in the process.

SMS apps had been the preferred vehicle for mobile spam campaigns, but WhatsApp’s prevalence in Europe and India in particular has caught spammers’ attention; CEO Jan Koum said not long ago that WhatsApp processes 30 billion messages every day.

WhatsApp, unlike iMessage for example, is not an SMS app, but is an Over-The-Top messaging app, an alternative messaging service to those provided by mobile network operators.

“The total scale of these individual spam attacks over WhatsApp is hard to tell, but if anything, it does seem clear that WhatsApp is joining the ranks of messaging systems which now have a functioning and active spam ecosystem, and the contributors to this spam are being affected by and coming from other messaging systems,” said Cathal McDaid, head of data intelligence and analytics at AdaptiveMobile.

The report said some of the spam campaigns originate from numbers in China; the phony handbag campaign, for example, is similar to an iMessage campaign that moved over SMS on the Apple platform last year.

“Due to the massive decline in the amount of SMS Spam in America, this attack gained prominence as it occupied a large percentage of the remaining spam being reported at the time,” McDaid said. “The presence of the same kind of attacks, clearly indicates that these types of spammers have decided to switch, or at least diversify onto WhatsApp.”

India, in particular, seems to be overrun with WhatsApp spam, AdaptiveMobile said. The reason seems to lead back to a 2011 government antispam regulation that enforced fines against mobile operators for SMS spam reported by subscribers. AdaptiveMobile provided data from one India mobile operator showing a 97 percent drop in mobile spam last year. By comparison, operators in China report that 45 percent of mobile messages are spam; 0.12 percent of messages in India are spam.

Spammers have, as a result, moved to WhatsApp. Campaigns in India are executed relatively inexpensively. Contributing heavily to the increase, McDaid said, is the fact that spammers are exploiting a loophole in the antispam regulations.

“As an IP service, which users optionally sign up for, and not a ‘core telecom service’, WhatsApp is not covered by the Do-Not-Disturb requirements, leading to a thriving industry offering to send spam over WhatsApp,” he said. “This fact is even pointed out by spammers spamming their services to those who wish to advertise, which clearly spells out the advantage of WhatsApp as being legally able to send to DND (do not disturb) numbers. Government intervention, it seems, has given a perfect reason for SMS spammers to move to WhatsApp in India.”

WhatsApp’s popularity is growing worldwide and its flexibility allows it to run on a number of mobile platforms. In November, it added end-to-end encryption for its Android application, the result of a partnership with Open Whisper Systems, a secure text and mobile OS vendor.

“WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default,” Open Whisper Systems said.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.