WhatsApp exploit put 200 million users at risk
A bug in the popular messaging service WhatsApp left hackers an “open door” to its 200 million users’ computers.
Security firm Check Point claims a vulnerability discovered in the software in August could allow hackers to take control of users' computers and malicious code.
The vulnerability affected only the web-based version of the service, and allowed hackers to access users files and to install software such as ‘randsomware’, which can demand victims pay a fee to regain access to their computer.
The WhatsApp web app is a mirror version of its mobile app, enabling all messages, images and other content received on a smartphone to be accessed from a web browser.
It is understood that up to 200,000 users of WhatsApp's web-based service may have had their personal data compromised before the vulnerability was fixed last month.
Despite the fixed though, users of WhatsApp's web-based service have been encouraged to run an antivirus scan.
All hackers needed to do was to find out someone’s mobile number, at which point they could infect machines using bogus ‘business cards’ sent via the web app.
A vCard is an electronic contact that is sent to another person, and, usually, contains someone's detail from the senders contact book.
The vCard sent by the hackers contained a malicious code that would distribute bots, ransomware and remote access tools (RATs) on a person's phone or PC.
There are currently over 200 million active users of the web app, according to statistics released by the firm this year.