email virus WhatsApp - sending itself to all in my address book

Your comment is awaiting moderation.

April 28, 2015- Same with me
I have a Mac 27" IOS 10.10.3.

Received a WhatsApp invitation from a friend in Gmail. Clicked on it and emails were sent to contacts and others who I have sent emails to in the past. Some dead email addresses with “message not delivered’ returns alerted me to the problem.

Hundreds of trojan emails were sent in my name, Argh!!

ChangedGmail password. All Mac virus programs run with no result leaving me to believe it attacked the Gmail client. Even after changing my password, return emails came in with subsequent briefings of emails I had sent AFTER I changed the password! Changed browsers. Changed to an alternate email. Still getting Delivery Status Notifications.

This is a serious threat to Gmail and Mac IOS. However, the unique vulnerability is with Mac allowing this to take hold. We have been led to believe that Macs are impervious to viral issues. Not the case here.

Mac's no-viral rep is at stake here.

Please.

First you say:

All Mac virus programs run with no result leaving me to believe it attacked the Gmail client.

But then you say:

However, the unique vulnerability is with Mac allowing this to take hold.

So, which is it? Is it a Mac vulnerability or was your Gmail hacked? The answer is Gmail.

This is helpful:

https://productforums.google.com/forum/#!topic/gmail/dlKKBID9JWw

Same here - it would really help if Apple would put out some official info on this issue as it's obviously doing the rounds. Trawling through 9 pages of discussion (largely focused on whether PCs beat macs from what I can see) is not an option, and searching the internet for the issue brings up lots of dodgy looking links - the last thing I want when I'm looking for a trusted source of information.

I'm getting lots of email bounces but also a number of enquiries from friends asking if I have a virus and I would like to be able to respond in an informed way.

It's like the cyber equivalent of getting an STD.

How about putting out some info from a trusted source Apple?

(Or if anyone knows of such please post the link).

I can confirm this in not a virus. After clicking on the WhatsApp link, the malware uses your open connection to your email server to send the spam, it accesses prior recipients from your server and adds it's own spam list. There is no virus to remove. Delete the WhatsApp email, close your email app, and change your password. You're done.

Just a quick request for advice about this one, if anyone's able to help me out: it doesn't seem to have gone to everyone - only a comparatively small number of messages appeared in my sent log compared to the number of contacts I actually have in Gmail. What I'm trying to work out is whether it did indeed only go to those people (and, if so, why not everyone?) or have some sent messages just not appeared in my sent log. I think I had about 90 in total in my sent log, but I have many more contacts than that.

Thanks if anyone's able to help!

Somit I log into iCloud and change password this would be ok?

Yep, I have the same sort of issue. In the past week or so I keep getting fake eMails sent to my iMac iCloud "junk" mail folder that look like the following:

I have no idea why I am receiving sooooo many of this type of "voice message" iCloud mail. These emails seem to come from all different kinds of addresses I never heard of or contacted. I also have never "clicked" any of the "green buttons" …. I just delete everyone of these **** eamils when they come in.

I will try to set up an Apple mail "rule" that might be able to simply "see" these vicious emails and send them to the trash, or automatically delete them without me having to see them or deal with them anymore!

If anyone has an idea on how to stop these, or what they really are, let me know!

This is what I just set-up in my Apple Mail …. an email "rule" that that might be able to simply "see" these vicious emails and send them to the trash, or automatically delete them without me having to see them or deal with them anymore!

I guess I'll wait now, and see if this has stopped me from receiving these vicious "missed voice message" emails.

(just copied some of the emails "subject line" ("a new missed voice message"), and placed it in the "contains" box.

If anyone has an idea on how to stop these, or what they really are, let me know!

Hey All...

I am computer literate but not really savvy on a nerd level, as I've grown accustomed to using my Mac and it's pretty intuitive and I've never had a problem with viruses. That being said I don't run any Anti-Virus software and I'm a bit nervous about this Whatsapp hack.

Early this morning I was checking my email on my phone in bed, half awake. I'm from the states but am living in Australia, and I do have Whatsapp downloaded on my phone... As I said I'm no mega-nerd but I am computer-wise enough to check web addresses and to not click on links etc. This morning the Whatsapp voice message email came in, getting past my Spam filter probably because I do have Whatsapp, and half awake I clicked play, and (embarrassingly enough) also entered in my gmail password on the fake login page that subsequently opened in Safari, noticing while I did it that the web address was not of gmail... Too late! I had already clicked "login" simultaneously. And got routed to "BBC" site sporting a weightloss ad or some crap... Mere seconds later my email started getting bombarded with "message failed to send" notifications by the dozen. I immediately leapt out of bed and changed my password from my computer, not my Iphone. I also went over all my email settings, engaging suggested security provisions, wrote an apologetic mass email to all of those in my contacts list warning against being as dumb as me 🙂 and have been researching the situation since.

What I would like to know is:

1.) By logging onto the fake Gmail login page on Safari is any other site I was logged onto through Safari on my phone at the time at risk of being breached?

2.) I don't even fully comprehend what malware is... Is this problem bigger than a Gmail security breach? It seems to be over after reporting phishing email and deleting, changing password, checking for unusual activity, and making sure no one else was granted access to my email. But it just happened an hour ago and I've been reading here about people going through the same precautions and having the emails continue being sent for days.

3.) Do I need to go about changing all my passwords? I didn't login through icloud just gmail but that gmail account is the one that everything goes through, my banks, my health insurance, my visas, everything!! Am I at risk for that info being stolen? I acted immediately...

I have hacker-nerd-coder-genius friends that may be able to help but they don't really use Mac or Iphone I don't think... 😐

I hope everything is ok, I've had this email address for 10 years and I don't want to change it.

Thanks in advance! I found it a bit daunting scanning through the battle of the nerds messages about whose right or knows more about Malware and other things I don't fully understand... So my apologies if these questions have already been answered or addressed. I just want to make sure I'm safe.

1.) By logging onto the fake Gmail login page on Safari is any other site I was logged onto through Safari on my phone at the time at risk of being breached?

No. Once you changed your Gmail password, you were no longer at risk.

2.) I don't even fully comprehend what malware is... Is this problem bigger than a Gmail security breach? It seems to be over after reporting phishing email and deleting, changing password, checking for unusual activity, and making sure no one else was granted access to my email. But it just happened an hour ago and I've been reading here about people going through the same precautions and having the emails continue being sent for days.

It's not malware. One person here argued that it was, but here's why it isn't: Nothing is installed on your computer. It was a phishing attack. Since you unknowingly gave them your password, they could access your email from anywhere, it doesn't matter what device you viewed the email on. They obtain your password through a website pretending to be Gmail's, and since your password was obtained through that web interface, it was not obtained by installing software (malware) on your device.

3.) Do I need to go about changing all my passwords? I didn't login through icloud just gmail but that gmail account is the one that everything goes through, my banks, my health insurance, my visas, everything? Am I at risk for that info being stolen? I acted immediately...

You only need to change your Gmail password, which you did. They cannot get any other passwords from that.

Thank you!

Why did the one person report changing his password and the problem persisting? It seemed really extreme!

I also read this, http://thehackernews.com/2015/02/whatsapp-web-malware.html although the situation seems to be different as you are correct, I did not download anything or click a link to download... I just clicked that one "listen to message" link....

and this too... But this would only be if you downloaded the fake app? Am I getting that right?

http://www.hackersnewsbulletin.com/2015/02/whatsapp-web-malware-hacks-confidenti al-information-private-phones.html

aleamonster wrote:

Why did the one person report changing his password and the problem persisting?

It's hard to say why, but one thing is certain: there's no malware involved here. I know folks are saying the opposite, but I've received countless copies of this message, and none involved any kind of malware. Further, no other security companies have come forward to say there's malware involved here, which they would, guaranteed. With as widespread and long-lasting an issue as this, at least one security company would have found something and announced it if there were something to find.

As for one possible explanation for why the problem would persist: GMail's mail delegation feature.

https://support.google.com/mail/answer/138350

This would allow hackers to maintain access to a hacked account even after the password was changed.

Hello all,

Thought I'd create a new account just to inform what seems to be happening, as this seems to have caused some confusion and then degenerated into a conversation about how macs can't get a virus and its gmails fault (apologies stopped reading after page 2 or 3 so this may have already been stated).

One of my paretns clicked on this message on the ipad while on their aol webmail account and it was forwarded to all their contacts.

On a test email accounts, on a computer:

When clicking on the link on a gmail account, this is detected and I am taken to a fake gmail login page which asks for a password. Therefore it seems if gmail is detected its standard phishing (tricking user into giving away their passwords).

When clicking on the link from an aol webmail account you are directed to a fake BBC news page about weight loss. This asks if you are sure you want to leave the page when you want to leave, has a video as well as other stuff in. This is the page my parent said they were taken to on an ipad. They then said they left the page but the emails were sent.

Will do some further investigation tomorrow, but I wasn't alerted to any malware, and was advised various plugins were trying to run on the bbc news webpage. My parent was not alerted to anything trying to run etc on an ipad.

note- from what I can tell in either of the above scenarios no actual malware seems to be trying to install itself.