2
http://m14hackersworld.blogspot.com

WhatsApp vulnerability can be misused for Spreading Malware

A Cross site scripting (XSS) vulnerability in WhatsApp website reported to The Hacker News by Edgard Chammas. WhatsApp is one of the most famous cross-platform mobile messaging app for iPhone, BlackBerry, Android, Windows Phone and Nokia used to send text, video, images, audio b/w Whatsapp users.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users.

Reported vulnerability exist on payment procedure page as shown in above picture. The Sample code given below to demonstrate the vulnerability.
Recently, there has been an increase in web malware and spam activities and such vulnerabilities can be misused by attackers to spread Malwares and rouge applications.

Edgard also demonstrate that How this can be used to trick users to download a fake application (Malware - WhatsApp.apk) from other any evil domain (www.evilwebsite/WhatsApp.apk). in below given example, attacker just using a pop-up window to open fake application download link.
While the official binary is here http://www.whatsapp.com/android/current/WhatsApp.apk

According to reports in 2012 mobile malwares are 50 times increases than previous ever. We request Whatsapp team to fix the vulnerability as soon as possible.

Post a Comment

  1. You might be eligible to get a Apple iPhone 7.

    ReplyDelete
  2. I have been using AVG protection for a few years, I would recommend this product to everyone.

    ReplyDelete

M14 Network Inc. | Hassnain Arts

 
Top