Latest reports from security firm Check Point reveal that attackers can now target WhatsApp web users by tricking them to execute a mandatory code on their PCs. Ever since the reports have poured in, users all over the world—amounting to 200 million plus—are wary of the vulnerable position they have been pushed into. The official statement from WhatsApp says that their system engineers have already updated the Web client patch for the bug in the new version.
The ‘MaliciousCard’ Issue
With the latest MaliciousCard vulnerability issue, users can be fooled once they receive a VCard or a contact card that contains a malware code to hack the account of the victim. The attacking source can infuse a command via the vCard file, which is separated by ampersand character.
The PC’s Windows will automatically run all lines part of the code. We do not know for sure if users of Mac are risked by the vulnerability. In case the user pops the contact card open, the ransom ware, bots and similar files are automatically distributed across the system. The biggest issue is that the sent V-card looks so legitimate that the users barely suspect it to contain malware.
What Check Point Says?
Check Point, the security firm also specified that WhatsApp had been informed about the glitch as soon as the bug was found. As a follow up, the app issued a brand new update on 21 August for bug fixing. Of note is the fact that the versions WhatsApp Web v0.1.4481 and the ones that came in later are not exposed to the vulnerable threat. The other version of WhatsApp does not validate this vCard format and all contents of the same.