WhatsApp is used by close to a billion people on a monthly basis, a feat that the chat app only enjoys by itself.
What makes this app such a popular messaging platform is the ease with which it lets users communicate with each other. Also, the app is free to use and comes with no ads or gimmicks, just the way most users love it. The Facebook-owned application offers it’s messaging and calling services in encrypted form such that no third party can access whatever conversation you are having with your friends.
The even better thing about this app is the fact that it can be installed on almost all mobile operating systems and at the beginning of last year, it added support for desktops via a web-based client known as WhatsApp Web.
Even though Facebook is relishing the idea of providing free messaging and calling services to more than 900 million people, this also comes at a price. This huge user base also attracts malicious hackers who want to exploit the many innocent people using this app from all corners of the world. This threat has in fact been on the rise in recent times, with more and more vulnerabilities being discovered on the platform.
Surprisingly, these issues have always been discovered by third party players and not the WhatsApp or Facebook team itself, which raises further questions regarding the competitive nature of the company’s security team. Hackers have in recent times been targeting users of this app with some specially crafted malware that come in the form of emails. The app has also been found withy loopholes that may be used to crash the app easily.
WhatsApp phishing scheme
Just last week, Comodo Labs discovered that there is a new malware that is targeting users of WhatsApp, be it business or consumers.
What this phishing scheme is attempting to do is convince victims to open links sent to their emails disguised as official messages from WhatsApp. Hackers are very creative with their subject lines, making them seem like nothing harmful; for instance, users will see something like “You have received a voice notification qrhk,” with the strange characters at the end believed to be identifiers of the message’s recipient.
In the message’s body, you come across some images and text that works to convince you that the sent email is coming from WhatsApp and nowhere else. Don’t even think about opening these messages, instead, simply report such messages as spam.
One thing you need to be aware of is that during sign up, WhatsApp only asks for your phone number and nothing to do with emails. So, the question that comes here is why should the company send you anything through your email yet the only identifier they have been your phone number? Be careful with the messages you open on your device. To add to these suspicions, no WhatsApp contact will take the pain of going to their email address just to compose a message containing images, audio files, videos or even text yet the same can be done in a nick of time via the most popular chat app.
WhatsApp emoji bomb
Another threat that has been haunting users of WhatsApp is the one described as emoji bomb. Discovered by a teenager, this threat will crash your app whenever you enter thousands of emojis into the text area and try to send them to a friend. This problem was initially discovered to be affecting WhatsApp Web, but it seems the same case is also affecting the mobile app.
WhatsApp Web lets users create messages with up to 6,600 characters. However, the emoji bomb will work in a way that once you have entered about 4,400 characters, it starts slowing down the app’s performance. Since the character limit is not yet reached at this moment, you can keep on adding more characters; however, this will result in a crashed app.
This problem is vast on the web client and Android devices, but iOS users will only experience a frozen app for a few seconds.
Hopefully, WhatsApp developers will work swiftly to amend this problems and vulnerabilities in the most used messaging and calling app in the world.