Hi, I am Rafay Baloch, a security researcher, author and a public speaker.

Whatsapp 4G VIP SCAM - Technical Analysis

This is a short blog post describing about a recent hoax pertaining the WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as 'Whatsapp 4G'. The version promises users  unrealistic features video calling, new whatsapp themes, delete sent messages from both sides etc

The following is how the message is being propagated:

Technical Analysis 

Upon visiting the link you would be taken to a page where you would be asked to invite 15 friends before you can download the version, upon clicking the invite button, it would use WhatsApp scheme (whatspp://) in order send messages to your friends, and hence you would be promoting a hoax on behalf of the scammers:

The entire business logic is based upon the following client side script - http://new-4g-whatsapp.ga/invite.js.

Upon examining invite.js it was discovered that the code sets a cookie and checks if 15 invites have been sent on the client side: 

Once, the counter has reached up to 15 invites or above, you would be redirected to the download link:

From the above source code, if the value of is greater or equal to '15', window.location.href would be set to "ur" variable which hosts the following download link - http://ta3.co/new-4G-whatsapp/install.php

The installation link seems to be dead, normally in such scams you would be asked to fill in surveys or installing *free apps* which would not be free as they might be shipped with Malware/adwares.

Update (Whatsapp Gold)

A new variation of Whatsapp 4G VIP scam has recently came into notice with name of "Whatsapp Gold", which basically works on the same principle as above. The only thing that has changed the interface design and name.
© 2023 All Rights Reserved by RHA Info Sec. Top

Contact Form


Email *

Message *

Powered by Blogger.