X WhatsApp Invisible

WhatsApp Messenger vulnerability to malware has yet again emerged following a revelation by a team of cyber security experts from the Comodo Antispam Labs (CASL) through a blog post.

The team has revealed a new spam targeting WhatsApp users. The purported cybercriminals are said to be sending spam mails having malware content to WhatsApp users. The ‘message’ when clicked on, ideally, looks like genuine information from the official WhatsApp crew, yet the content is pure malware.

Emails used in sending the malware content

The team describes the emails being spread to the app’s users as having an umbrella that brands “WhatsApp”. The said email content appears genuine, but a closer look at the sender’s email address is not actually from the real Facebook-owned WhatsApp.

Here are among the subject lines that the cybercriminals use to spread the malware attack to users;

  • An audio memo was missed. Ydkpda
  • A sound announcement has been received sqdw
  • You have obtained a voice notification xgod
  • You’ve recently got a vocal Yop

The subject lines appear to be ending with some funny sets of characters such as ‘xgod’, ‘Atjvqw’ among many other different letters that don’t make any sense to a regular user. According to the CASL experts, these ending characters in the subject lines might probably be data encoding tools used to recognize probable recipients of the malware content.

Malware concealed in an attachment

The team discovered that the malware is contained in a compressed (zip) file in a particular sent attachment. The said malware usually makes several copies of itself into various folders of the system and, as a result, getting included in the computer registry as an autorun. This characteristic is associated with variants of the “NIvdort” family.

As such, when a user receives the mail and opens the attachment, the malware’s intended action is executed and released into the computer system. The experts from the cyber security firm recognized the malware in the WhatsApp mail via domain, IP and URL analyses.

Not the first time

This is neither the first nor the second identified case of WhatsApp vulnerability to flaws. Towards the end of 2015, a teenager named Indrajeet Bhuyan identified an exploit that could crash the app using thousands of emojis in a WhatsApp message. The teenager explained and even demonstrated how to execute this crash on YouTube.

Bhuyan explains that WhatsApp Web allows for up to 6500 to 6600 characters in a single message but after keying in about 4200 to 4400 emoji characters, the browser starts slowing down. The app crashes upon adding more characters as the limit is not reached.

Interestingly, this same teenager together with a friend – Sourav Kar – discovered another flaw in WhatsApp in 2014. The two geniuses demonstrated how a special crafted 2000-character message could make a user delete his or her entire conversation and, in the end, crashing the application. The 2014 identified flaw risked over 500 million users and the WhatsApp team rushed in and salvaged the situation by fixing the bug in a later update.

The fight against cybercrime is still on and winning the fight might be tricky since the most new tactics are being invented against it, the greater the technology is becoming to promote it. With WhatsApp’s tremendous popularity and large user base, the security of the application’s users should not be compromised by such flaws. WhatsApp appears to be vulnerable to flaws since these two last discovered incidences have been reported in a span of not more than a month.

Something needs to be done by the WhatsApp crew lest they want to lose popularity and market.