WhatsApp Web Vulnerability Allows Hackers to Hold Users to Ransom
Earlier this year WhatsApp had introduced WhatsApp Web, a feature which allowed users to communicate through their laptops or PCs by mirroring the WhatsApp account on their phones. Hackers have allegedly exploited the vulnerability in the WhatsApp browser client and this attack has eventually put 200 Million users at risk.
WhatsApp Web is available for Android, Blackberry, Windows Phone and recently they also expanded the services for the iOS. Security firm Check Point claims to have unearthed a vulnerability in the software, which would let hackers take control of user’s computer and install ransomware or as a matter of fact any kind of malware. The hacker could simply inject a command in the name attribute of the vCard file and when executed, Windows will run all lines in the files just like a usual Windows Batch file, thus executing the malicious code.
Ransomware is a type of malware which holds the user’s system for ransom and asks them for money in order to free the system, in case the user refuses, the ransomware will steal or delete all the data from the host computer.
The modus operandi of hackers for hacking WhatsApp account includes accessing the phone number associated with your WhatsApp account and then sending a VCard electronic contact card which will be injected with malware. The moment victim opens the vCard file hackers can initiate the malware download process, remotely. WhatsApp has already acknowledged the security flaw and has begun rolling out updates from past one week.
Malware, RansomWare and other sort of vulnerability exploiting tools are patrolling the wild seas of Internet looking out for victims. The worst part is the fact that their method of inducing is so natural that the malware will go completely unnoticed. Best mantra to safeguard ourselves online is to keep our eyes and mind open to any sort of activities which might even appear to be remotely suspicious, always better to be safe than sorry. For now, ensure that you don’t click on any contact shared by anyone till the vulnerability is officially fixed by WhatsApp. Make sure you alert your friends and family by sharing this article.