If you are a WhatsApp Web user then you should be aware of this security flaw in the WhatsApp web that will make your PC venerable to attacks by Hackers. Let us talk about it in detail.
WhatsApp has recently crossed over 900 Million monthly active users, our of which, over 200 Million use WhatsApp Web to send and receive messages from friends and family. But is has a flaw that can let users install viruses and malware using a few line of codes that can be sent inside the vCard (A feature that is used to exchange contact details).
WhatsApp web users can currently send and receive text, image, audio, location and contact (vCard).
Hackers can hide the codes inside the vCard and when it is opened on a PC, it can get activated letting Hackers install anything to a PC remotely.
Opening the vCard on Mobile won’t affect as the architecture doesn’t support installation from a .BAT file.
Here is how it works
In order to attack a person, the Hackers only need the phone number that is associated with WhatsApp, and the user needs to be using WhatsApp Web.
The Hackers sends a vCard which looks just like any other vCard, containing a phone number, one would share.
When the user opens the vCard, the .BAT file gets activated and runs in the background, making the PC available to the Hacker for exploitation. Once the Hacker gets access to the PC, he can do following things.
The Hacker takes control of the Computer system and asks for a Ransom to leave the system.
[easy-tweet tweet=”Do you use WhatsApp for Web? Your PC might be at Risk http://tippr.in/1hZPc1K” user=”Techtippr”]
Monitor the user’s activity on the Computer that leaves to many more hacks like Passwords of Email and Back accounts.
This vulnerability was found by Oded Vanunu from Check Point Security Research who explained in a blog post how it works.
WhatsApp has been notified of the issue and they have rolled out an update to fix the issue, so if you are a WhatsApp Web user who uses a version before V0.1.4481, we strongly advice you do update your app.