An Israeli based security firm has discovered a bug in the desktop version of popular messaging service Whatsapp owned by Facebook. According to the firm, around 200 million users of the App could have been exposed to the malware which could allow hackers to infect user’s system and taking over them by just knowing their phone number.
Researchers found that the web version of the app which according to company mirrors all the sent and received messages with the user’s phone, this has actually lead to the users system at risk. The risk is basically caused by the procedure of how Whatsapp uses vCard which contains the contact details of the person and is used to send contact details to the web version of the app.
The researchers revealed the whole procedure as how the hackers attack the victim’s system with the help of vCards. Basically, once the hacker inject the malicious code in the vCard which is afterwards opened by the user on the web-version of the messaging app. The alleged contact automatically converts into an exe (executabe) file which then infects the user’s system by distributing self-executable files and malwares.
The scary part of this scenario is that, How easy it is for hackers to target any user by just knowing a phone number an inject the malicious code in the vCard of that phone number.
Earlier this year, Whatsapp announced that around 200 million out of 900 million Whatsapp users are the using it web-based platform to chat with their dear ones and just recently the web-based service was opened for the iPhone users as well, which can supposedly increase the number of users using the desktop service of the app.
Researchers believe that the reason behind this attack is the vulnerability in the open source environment of the app, which has led to this attack.
To be noted, Ransomware named malware could be one of the malware injected in the user’s system. Going by the name, it takes control of all the local files stored in the system and makes it unusable until the ransom is paid.
Well, Whatsapp has already acted on the issue and is preparing an update for its web-based platform.
We at RVCJ urge all the users of Whatsapp not to use its web-based chat client until Whatsapp updates its platform and makes it safe for the users.
Do let us know about your thoughts on this severe attack. If you were infected by it or if you know someone who was attacked by the hackers, please let us know by commenting below.