View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 9, 2015

Ransomware poses threat to 200 million WhatsApp users

Vulnerability does not affect the mobile version of the application.

By CBR Staff Writer

The web-based extension of the WhatsApp application is infected with a bug that has potentially put 200 million users at risk.

According to security firm Check Point, the malware includes ransomware, which can block access to the application and demands victims pay a fee to regain access to their files.

The security company highlighted that the vulnerability has occurred due to improper filtering of contact cards, sent using the popular ‘vCard’ format.

The attacker just needs to send a legitimate looking virtual business card to the target’s mobile number, which might have been obtained through another breach or attack.

Once the user clicks the contact card, a file will be downloaded containing malicious code that will run on the victim’s machine distributing bots, ransomware, RATs, and other malwares.

The security company informed the security flaw to the Facebook owned company.

Check Point security research group manager Oded Vanunu "Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client."

Content from our partners
How to engage in SAP monitoring effectively in an era of volatility
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.