Summary: Law enforcement agencies have issued an urgent advisory regarding a surge in “New Year” greeting scams on WhatsApp. These messages prompt users to click links to view “personalized gifts,” which instead trigger the download of malicious APK files that steal banking credentials and record calls.
Business Impact: These attacks leverage “holiday fatigue.” Employees using mobile devices for MFA are particularly vulnerable, as the malware can intercept SMS-based OTPs to facilitate corporate account takeovers (ATO).
Why It Happened: Scammers are exploiting the high volume of legitimate holiday traffic. The malware is designed to stay dormant for days before activating its financial theft modules.
Recommended Executive Action: Issue an immediate internal bulletin to all staff. Remind them to never install .apk files received via WhatsApp and to treat any “gift” or “greeting” links from unknown numbers as malicious.
Hashtags: #WhatsAppScam #MobileMalware #SocialEngineering #NewYear2026 #CyberHygiene