Significant vulnerabilities that affect WhatsApp’s web interface allow attackers to trick victims and run code on their machines, the firm said.
“All an attacker needed to do to exploit the vulnerability was to send a user a seemingly innocent vCard containing malicious code,” Check Point researchers explained. “Once opened, the alleged contact is revealed to be an executable file, further compromising computers by distributing bots, ransomware, RATs, and other malwares.”
A vCard (virtual card) is a small file commonly used to exchange contact information between users. Exploiting the vulnerability is trivial and requires little expertise.
WhatsApp users should immediately upgrade to the latest version of the app to protect themselves against the vulnerability.
H/T BBC | Illustration by Max Fleishman