Instant messaging app WhatsApp is again hit by a serious security risk. The company said that users on Android, iOS and Windows platforms are vulnerable to the new spyware. It said that hacking will become easy once the malicious spywares are installed. The company said attacks send compromised MP4 files to users to install unwanted programs. The programs allow attackers to access files WhatsApp data. They can also access files saved in the phone’s memory. The spywares trigger the remote code execution and denial of service attack. To inject spywares, hackers can use a victim’s mobile number to send a video file. No permission will be required from the user before installing the software.
The MP4 format video affected an unknown code block of MP4 handler in WhatsApp. The hackers can easily take control of the phone and access the data once malware is injected. Attackers can also use this trick for surveillance purposes. This security issue exists on both individual and business versions of WhatsApp. The Windows Phone versions are also vulnerable to the attack. The company in a statement noted that it is constantly working to improve the security of the app with the best available industry practices. To reduce the risk of compromising the data, both Android and iOS users are suggested update the app.
The Facebook-owned app was recently in the news after its users worldwide became a target of surveillance by attackers. The threat operators used NSO Group’s Pegasus spyware. The NSO Group is a surveillance company based in Israel. The spyware exploited a flaw in WhatsApp’s video calling feature. The attackers were able to take full control over the device after injecting the malware. Attackers then accessed phone calls, messages, data and even turn on the camera or microphone without any direction from the owners. WhatsApp was heavy criticized for compromising with the security. It later sued the Israeli group in an American court for violating its terms and conditions.