The web-based extension of the WhatsApp application is infected with a bug that has potentially put 200 million users at risk.
According to security firm Check Point, the malware includes ransomware, which can block access to the application and demands victims pay a fee to regain access to their files.
The security company highlighted that the vulnerability has occurred due to improper filtering of contact cards, sent using the popular ‘vCard’ format.
The attacker just needs to send a legitimate looking virtual business card to the target’s mobile number, which might have been obtained through another breach or attack.
Once the user clicks the contact card, a file will be downloaded containing malicious code that will run on the victim’s machine distributing bots, ransomware, RATs, and other malwares.
The security company informed the security flaw to the Facebook owned company.
Check Point security research group manager Oded Vanunu "Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client."