The messages arrive from unknown numbers and promise an update to the application, but the real objective is to steal personal information and banking data from those who receive them.

According to the PSP, the message usually says "You received a message, but your version of WhatsApp is not compatible" and includes a link that invites you to "update WhatsApp". At first glance, everything seems normal, but clicking on the link leads the user to malicious pages.

On these sites, criminals manage to install programs that access the device, collect personal information and, in some cases, even make bank transactions without the victim's authorization.

The scheme uses SVG (Scalable Vector Graphics) files, commonly known as vector images. However, because they are code-based, these files can include HTML or JavaScript elements, making them capable of performing dangerous actions on the device of whoever opens them.

Among the methods used by criminals are SVGs disguised as Excel spreadsheets with login forms. When the victim fills in the data and submits the form, the information goes directly to the cybercriminals.

There are also files that pretend to be simple downloads, but which, when opened, install malware or automatically redirect to phishing pages created to steal sensitive data.

Recommendations

To protect against this type of fraud, the PSP advises keeping the operating system and applications updated, using active antivirus software, and avoiding conducting banking transactions on public Wi-Fi networks.

It is important to verify that the websites accessed use the secure "https" protocol and never click on links or open attachments from unknown senders. The PSP also recommends enabling two-factor authentication on all digital accounts and changing the default router password to a more secure and unique one.

If in doubt, users should immediately delete the suspicious message and report the incident to the authorities.