WhatsApp for Windows Critical Flaw Exposes PCs to Malware Threat


Just a SOC Analyst ^^

A security vulnerability has appeared in the latest version of WhatsApp for Windows. It allows attackers to send Python and PHP script attachments that execute without any warning when the recipient opens them.

Vulnerability Analysis

While attempting to send an attachment on WhatsApp, a security researcher accidentally discovered this vulnerability. When sending a file with a dangerous format, such as .EXE, WhatsApp provides the recipient with two options: Open or Save As.

However, when the recipient tries to open the file, WhatsApp for Windows generates an error, leaving the user with only the option to save the file to the hard drive and launch it from there. According to the analysis, file types like .EXE, .COM, .SCR, .BAT, .DLL, .HTA, .VBS, and Perl are handled this way: they cannot be opened directly from the application and can only be opened after being saved to the hard drive.

Failed .EXE launch from WhatsApp client

Additionally, the security researcher discovered four types of files that WhatsApp allows to be launched without confirmation: .PYZ (Python ZIP app), .PYZW (PyInstaller program), .EVTX (Windows event log file), and .PHP (PHP scripts). If the victim's machine has Python, PHP, and the necessary libraries installed, simply clicking "Open" on the file will execute the script.

WhatsApp has received the report about the vulnerability but has no plans to fix it as they do not consider it an issue on their part.

Impact Level

Attackers can exploit this vulnerability to send malware and malicious scripts to victims and chat groups. Furthermore, attackers can use stolen accounts to send malware to the victim's contacts, who are more likely to trust a file from a known contact than one from a new account.

Recommendations

FPT Threat Intelligence recommends several measures to mitigate risks:

  • Security Awareness Training: Train employees about security threats and advise them not to download and open files from unknown sources.

  • System Monitoring: Monitor systems to detect unusual activities.
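
One way to act on the System Monitoring recommendation, as an added example that is not part of the original post: a triage function that flags process-creation records in which a Python or PHP interpreter is started by the WhatsApp client. The process name `WhatsApp.exe`, the interpreter image names, the Sysmon-style field names and all sample records are assumptions constructed for illustration.

```python
import ntpath
import re

# Script types the article lists as opening without confirmation
# (.EVTX is a log file, not a script, so it is not watched here).
SCRIPT_EXTS = {".pyz", ".pyzw", ".php"}
# Assumption: interpreter image names of default Python/PHP installs.
INTERPRETERS = {"python.exe", "pythonw.exe", "py.exe", "pyw.exe", "php.exe"}
# Assumption: process name of the WhatsApp for Windows client.
MESSENGER = "whatsapp.exe"

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted or bare argument

def script_args(command_line):
    """Return the arguments whose extension is one of SCRIPT_EXTS."""
    tokens = [quoted or bare for quoted, bare in _TOKEN.findall(command_line)]
    return [t for t in tokens if ntpath.splitext(t)[1].lower() in SCRIPT_EXTS]

def triage(event):
    """Rate one process-creation record: 'high', 'medium' or None."""
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    if image not in INTERPRETERS or parent != MESSENGER:
        return None
    # Interpreter spawned by the chat client: a watched script type is the
    # case from the article; anything else still deserves a look.
    return "high" if script_args(event["CommandLine"]) else "medium"

def scan(events):
    """Return (index, severity) for every record that triage() flags."""
    rated = [(i, triage(e)) for i, e in enumerate(events)]
    return [(i, sev) for i, sev in rated if sev]

# Constructed sample records; field names follow Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"Image": r"C:\Python312\pythonw.exe",
     "ParentImage": r"C:\Apps\WhatsApp\WhatsApp.exe",
     "CommandLine": r'"C:\Python312\pythonw.exe" "C:\Users\alice\Downloads\invoice.pyzw"'},
    {"Image": r"C:\php\php.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"php.exe C:\site\index.php"},
    {"Image": r"C:\Python312\python.exe",
     "ParentImage": r"C:\Apps\WhatsApp\WhatsApp.exe",
     "CommandLine": r'python.exe -c "print(1)"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Apps\WhatsApp\WhatsApp.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt"},
]

if __name__ == "__main__":
    for index, severity in scan(SAMPLE_EVENTS):
        print(severity, SAMPLE_EVENTS[index]["CommandLine"])
```

The parent-process condition keeps ordinary developer use of `php.exe` or `python.exe` from a shell out of the results; how the client actually appears as a parent should be confirmed against real telemetry before relying on the rule.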
