For those unfamiliar, it wasn’t too long ago that WhatsApp released a web version of its chat service, which had also recently made its way onto iOS devices as well. Basically this allowed users to chat with each other using WhatsApp, except through a web interface so that if they’re on the computer, it’s easier than having to type on the phone.
That being said, security research company Check Point has recently discovered a flaw that made the web service open to potential attacks, in which the hacker could easily distribute all kinds of nasty stuff including malware and ransomware. How is this done? Apparently this exploits a flaw in the web version in which users who send vCards can actually hide malware in it.
Upon the opening of the vCard, the malware would then be able to install itself. According to Mark James from security firm ESET, “Bearing in mind that WhatsApp is a cross-platform mobile messaging app, the chances of you opening a vCard sent to you is quite high. Once opened it could attempt to download and infect your system with ransomware.”
Thankfully WhatsApp has since been notified of the flaw and has patched the web version of its app. However at the same time users are encouraged to update the mobile version of the app as well. If you haven’t done so already, you should probably get on that.