- Meta found a vulnerability in WhatsApp for Windows
- It affects all older versions and allows hackers to trick people into running .exe files
- The flaw lets criminals display .exe files as harmless photos in the chat
Meta has fixed a medium-severity vulnerability in its WhatsApp client for Windows, which allowed threat actors to spoof executable files as images.
In a short advisory published on Facebook, the company said that it addressed a spoofing issue in WhatsApp for Windows, prior to version 2.2450.6.
The bug “displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension,” Meta explained.
No abuse in the wild
“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.”
According to CyberInsider, this mismatch is a “classic method” for social engineering-based exploitation, since it allows threat actors to send files that appear harmless, but are in fact malicious. “If a victim double-clicks the attachment within WhatsApp, the underlying executable could run, compromising the user’s system,” the publication wrote.
All older versions of the software were vulnerable, Meta further explained, recommending that users apply the patch immediately.
At the same time, the Cybernews team says that there is currently no evidence that the vulnerability is being exploited in the wild. However, as usual with these things, as soon as news of a vulnerability breaks, cybercriminals start hunting for vulnerable endpoints.
Most cyberattacks these days start with social engineering. A phishing message, paired with a malicious attachment can be sent either via email, or through an instant messaging platform such as WhatsApp. It can trick the victim into making a rash decision, running the attachment without thinking through it first.
Email addresses get leaked a lot more often than phone numbers, which makes WhatsApp-borne attacks a little less likely. However, many organizations harvest this information as well, and then store it in misconfigured, non-password-protected databases, which often get picked up by malicious actors and sold on the dark web.
For Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, said this is a dangerous vulnerability since many people are parts of different WhatsApp groups where images get shared all the time. This presents a great opportunity for criminals, and major risk for the users:
“It’s really important to stress that this WhatsApp vulnerability impacts Windows desktop users. Most people will be part of a WhatsApp group where it is common for images to be shared and this is where this vulnerability becomes dangerous, because if a cyber criminal was able to share this image either in your group or with someone you trust who then goes on to share it in your group, anybody in that group could unknowingly execute the malicious code associated with the shared image,” he said.
“It is good to see however that the solution is at hand and simple to achieve and that is to apply an update to WhatsApp.”
Via Cybernews
Leave a comment