Social networks and messaging applications have become one of the favorite targets of cybercriminals. Thanks to an alert sent by the company Kaspersky, we learned about a new threat that mainly affects young people. Through the Sarahah application, attackers send anonymous messages to users to rip them off or infect their devices in order to obtain an economic benefit.
Sarahah, the anonymity app
Sarahah allows users to send anonymous messages without the recipient being able to reply. According to Kasperky, Sarahah has become popular among young people in Latin America, particularly in Brazil and Mexico. Because of this popularity is that it has caught the attention of cybercriminals, who have taken advantage of the anonymity of the shipment to carry out cyber attacks.
Sarahah was created as a web page so that workers could give feedback to their bosses. In fact, Sarahah means honesty in Arabic. Over time it gained popularity and is currently among the trendiest apps in Android and Apple stores.
Such are the attacks
Although the app does not allow direct links to be sent, hackers have found a way to send addresses to malicious sites. For example, the following message, originally written in English, was received by some users. The address leads to a site where they offer to give the names of people who have written anonymous messages. All for a modest amount of money. This is false because the policies of the application do not let know that information.
“Do you want to know WHO sends you these silly messages? You can find the name of everyone who sent you a message here -> free4unow (dot) info !!! “, says the text.
The content of the messages can vary and touch different topics, such as having pictures about users or information on any subject of interest. The end can be used to steal data or inject some malware.
“Victims who visit the links that they send are exposed to be redirected to malicious sites that offer users some kind of service in exchange for payments or personal data, or the installation of applications with programs that give big profits to virtual criminals “Said Roberto Martínez, security analyst in Latin America for Kaspersky Lab.
To protect against attacks like this, users can install an antivirus program for Android. Kaspersky Lab recommends that users do not enter pages of questionable origin, do not install unknown applications and do not share their phone number.