WhatsApp “Martinelli” hoax is back, warning about “Dance of the Pope”

If you follow @NakedSecurity on Twitter, you’ll have noticed that we warned last week about an old WhatsApp hoax that suddenly reappeared.

The bogus news is generally known as the “Martinelli hoax”, because it starts like this:

If you know anyone using WhatsApp you might pass on this. An IT colleague has advised that a video comes out tomorrow from WhatsApp called martinelli do not open it , it hacks your phone and nothing will fix it. Spread the word.

When we last wrote about “Martinelli”, back in 2018, we noted that the hoax was given a breath of believability because the text above was immediately followed by this:

If you receive a message to update the WhatsApp to WhatsApp Gold, do not click!!!!!

This part of the hoax has a ring of truth to it.

Back in 2016, hoax-checking site Snopes reported that malware dubbing itself WhatsApp Gold, was doing the rounds.

The fake WhatsApp was promoted by bogus messages that claimed, “Hey Finally Secret WhatsApp golden version has been leaked, This version is used only by big celebrities. Now we can use it too.”

So WhatsApp Gold was actual malware, and the advice to avoid it was valid, so the initiator of the Martinelli hoax used it to give an element of legitimacy to their otherwise fake warning about the video.The world’s best visibility, protection, and response.Start Online Demo

The latest reincarnation of the hoax has kept the text of the original precisely, including the five-fold exclamation points and the weird extra spaces before punctuation marks.

The new hoax even claims that the video first mentioned several years ago still “comes out tomorrow.”

But there’s a new twist this time, with yet another hoax tacked on the end referring to yet another video “that formats your mobile.”

This time, the video is called Dance of the Pope:

Please inform all contacts from your list not to open a video called "Dance of the Pope". It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on BBC radio. Fwd this message to as many as you can!

Ironically, Snopes suggests that this piece of the hoax – which is basically the same as the Martinelli hoax but with a different video name – is even older than the Martinelli part, dating back to 2015.

Quite why the hoax has reappeared now is not clear, though it may have been triggered by March 2020 news headlines about wunderkind Brazilian footballer Martinelli.

Martinelli currently plays for Arsenal in England, but has been tipped to appear in the Brazilian national squad at just 18 years of age; he’s also been the subject of media speculation that he might get poached from Arsenal by Spanish heavyweights Real Madrid.

Is it even possible?

In theory, playing a deliberately booby-trapped video file on your mobile phone could end up in a malware infection, if your phone has an unpatched bug in its media player software that a crook could exploit.

In practice, however, that sort of bug is very rare these days – and typically gets patched very rapidly and reported very widely.

In other words, if the creator of this warning knew enough about the “bug” to predict that it could infect any mobile phone, and could warn you about this “attack” in a video that isn’t even out yet, it’s highly unlikely that you wouldn’t have heard about the actual bug itself either from the vendor of your phone or from the world’s cybersecurity news media.

Additionally, even if there were a dangerous bug of this sort on your phone and your phone were at risk, it’s unlikely that “nothing would fix it”.

As for the imminent and unconquerable danger of an alleged double-whammy video attack of “threats” that first surfaced in 2015 and 2016…

…well, if the videos were supposed to “come out tomorrow” more than four years ago, we think you can ignore them today.

What to do?

• Don’t spread unsubstantiated or already-debunked stories online via any messaging app or social network. There’s enough fake news at the moment without adding to it!
• Don’t be tricked by claims to authority. Anyone can write “they announced it today on BBC radio,” but that doesn’t tell you anything. For all you know, the BBC didn’t mention it at all, or announced it as part of a hoax warning. Do your own research independently, without relying on links or claims in the message itself.
• Don’t use the “better safe than sorry” excuse. Lots of people forward hoaxes with the best intentions, but you can’t make someone safer by “protecting” them from something that doesn’t exist. All you are doing is wasting everyone’s time.
• Don’t forward a cybersecurity hoax because you think it’s an obvious joke. What’s obvious to you might not be to other people, and your comments may get repeated as an earnest truth by millions of people.
• Don’t follow the advice in a hoax “just in case”. Cybersecurity hoaxes often offer bogus advice that promises a quick fix but simply won’t help, and will certainly distract you from taking proper precautions.
• Patch early, patch often. Security updates for mobile phones typically close off lots of holes that crooks could exploit, or shut down software tricks that adware and other not-quite-malicious apps abuse to make money off you. Take prompt advantage of updates!
• Use a third-party anti-virus in addition to the standard built-in protection. Sophos Intercept X for Mobile is free, and it gives you additional protection not only against unsafe system settings and malware, but also helps to keep you away from risky websites in the first place.
• Don’t grant permissions to an app unless it genuinely needs them. Mobile malware doesn’t need to use fancy, low-level programming booby-traps if you invite it in yourself and then give it more power that it needs or deserves.

Source: https://nakedsecurity.sophos.com/2020/03/23/whatsapp-martinelli-hoax-is-back-warning-about-dance-of-the-pope/