WhatsApp, the widely used messaging program, has fixed a dangerous Virus in its Web app that could be used to trick people into installing malware.
A newly found Virus in WhatsApp Web, the Web-based interface of the popular instant messaging client, allows attackers to trick users into effecting Random code on their computers. The virus or Bug will affect more than 200 million people who use WhatsApp Web. WhatsApp has since updated its Web client to patch the bug in the latest version. a simple Harmful phishing code had made WhatsApp web potentially dangerous if that code was opened.
The ‘MaliciousCard’ Bug or virus can be exploited by simply sending a vCard contact card containing malicious code to a victim’s account. Once the victim opens the alleged contact, it starts to distribute bots, ransomware, and other malware files.The flaw was found by a Check Point researcher, Kasif Dekel said, He found that the Web version of WhatsApp failed to properly filter calculate business cards in the vCard format.
He found it was possible to change the file extension for a vCard to .bat, or a batch executable script. “This means once the victim clicks the downloaded file (which he assumes is a contact card), the code inside the batch file runs on his computer.” An attacker just needs the victim’s phone number to send the malicious code and for the receiver to accept it.
WhatsApp fails to prove the vCard format and the contents of the file, the firm further noted. One could send a Program file and WhatsApp wouldn’t be able to flag or block it.
WhatsApp, which is available across multiple platforms, it reached 900 million monthly active users. WhatsApp Web, which offers several of the mobile app’s functionalities including the ability to send and receive text and audio notes, is used by more than 200 million users.