A campaign originating from Russia has been identified, targeting Romanian WhatsApp users. The operation involves sending messages to victims, encouraging them to vote in a fake contest. When users click on the provided link, they are prompted to enter their WhatsApp number and an 8-character code, which grants the attackers access to the victim's account. The campaign uses multiple domains with Romanian-themed names, and evidence suggests previous targeting of English and Turkish-speaking users. The attackers exploit compromised accounts to spread the malicious messages further, potentially leading to account loss due to spamming. Users are advised against entering codes from suspicious websites to protect their WhatsApp accounts.