Users of the popular WhatsApp Web service could be at risk of having malware installed on their machines without them knowing, security experts have warned.

Researchers at Check Point have revealed that up to 200 million users of the service, which allows users to receive their WhatsApp messages on their PC, could be at risk.

At risk

The exploit, discovered by Check Point security researcher Kasif Dekel, can allow attackers to trick victims into executing malware on their machines in a new, sophisticated way.

In order to exploit the vulnerability, an attacker simply needs to send a WhatsApp user a seemingly innocent ‘vCard’ contact card, containing malicious code.  Once opened in WhatsApp Web, the executable file in the contact card can run, further compromising computers by distributing malware including ransomware, bots, remote access tools (RATs), and other types of malicious code.

The flaw is particularly dangerous as all an attacker needs to target someone is the phone number associated with their account.

Update

WhatsApp is advising Web users to update the application immediately to make sure they are protected, with an updated version of the app available now.

“Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client” said Oded Vanunu, security research group manager at Check Point.

“We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices.”

WhatsApp, which recently announced it had passed 900m mobile users, released its web-based service back in January as the company looked to make it easier to type messages and save images and videos, as mobile device often have limited space.

Are you a security expert? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

16 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

17 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

17 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

19 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

22 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

22 hours ago