Overview
- ESET Latinoamérica issued a late‑October alert about criminals exploiting WhatsApp’s screen‑sharing feature to steal data, money, and account access.
- The scheme begins with a fake video call from a spoofed number, creates urgent pressure, then pushes victims to share screens or install remote‑access apps like AnyDesk or TeamViewer.
- Once screens are visible, attackers view one‑time verification codes or plant keyloggers, enabling WhatsApp takeovers and access to banking credentials.
- Documented cases include a loss of 3,000 reais in Brazil and a separate $5.5 million theft in Hong Kong traced to similar social‑engineering tactics.
- Experts advise never sharing screens or codes, verifying requests through official channels, enabling two‑step verification, while WhatsApp now displays alerts when users attempt to share screens with unfamiliar callers.