WhatsApp Bug Leaves 200M Users At Risk

A security flaw found in messaging app WhatsApp is putting a significant chunk of its 900 million monthly active user base at risk of malware exposure.

The vulnerabilities were reported by security firm Check Point Tuesday (Sept. 8) and are specific to WhatsApp Web, the Web-based extension of the messaging application on mobile devices. Check Point used publicly available Web traffic statistics to estimate that at least 200 million of WhatsApp’s active users use the Web interface.

A Check Point security researcher discovered the bug in the WhatsApp Web logic allowing hackers to trick users into exposing their own devices to threats by executing arbitrary code, a Check Point blog post stated.

A cyber attacker can do this by sending a user a vCard containing malicious code. A vCard is an electronic contact card used for sharing contact details easily with other people. Once that vCard is opened, the user’s device or PC is susceptible to bots, ransomware and remote access tools (RATs).

Check Point confirmed the Web vulnerability was easy to exploit and did not require the use of hacking tools. The only thing a hacker would need to distribute a malicious vCard is the phone number associated with the WhatsApp account.

The vulnerabilities were reported to WhatsApp on Aug. 21 and Check Point said an initial fix to the security flaw was rolled out on Aug. 27. Users are directed to update their WhatsApp Web browser in order to verify the security update took place.

This news is just the latest in cybersecurity threats hitting WhatsApp users.

Late last week, the Financial Industry Regulatory Authority (FINRA) warned investors about a surge in fraudsters using messaging apps like WhatsApp to distribute deceptive messages to users.

WhatsApp users were flooded with messages in recent weeks that looked as though they were from individuals at well-known brokerage firms but actually contained misleading stock information. The “pump-and-dump” stock scams typically induce the buying of shares before they are then sold at their peak.

A news release from FINRA explained: “This latest scam is a variation of the pump-and-dump scam, where fraudsters use spam — in this case transmitted through the mass message push feature of messaging apps — to tout a stock. The buying that follows will ‘pump’ up the price — until the fraudsters ‘dump’ their shares by selling them at a peak. In the end, investors lose their money or are left with worthless, or near worthless, stock.”
