Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacking WhatsApp. Show all posts
Windows
Cyberattacks CyberCrime Cyberhackers Cybersecurity CyberThreat Hacking WhatsApp MIME Spoofing Vulnerabilities and Exploits Windows

WhatsApp for Windows Exposed to Security Risk Through Spoofing Vulnerability

 


Whatsapp for Windows has been recently revealed to have a critical security vulnerability known as CVE-2025-30401. This vulnerability has raised serious concerns within the cybersecurity community since it has been identified. The high severity of this vulnerability affects desktop versions of the application released before 2.2450.6, which could lead to an exploitation attack. An issue resulting from inconsistencies in the handling of file metadata enables threat actors to manipulate these inconsistencies in order to circumvent security checks. 

By exploiting this vulnerability, malicious actors can execute arbitrary code on targeted systems without user awareness, resulting in the possibility of unauthorized access to sensitive information or data compromise. Several security experts have emphasized that in order to mitigate the risks associated with this vulnerability, you must update your WhatsApp version to the latest version. Organizations and users of WhatsApp for Windows are strongly advised to apply the necessary patches immediately so that they are protected from threats. 

In accordance with the official security advisory, there is a critical inconsistency in how WhatsApp's desktop application deals with file attachments. There is a fundamental difference between the way the application determines how to display attachments using its MIME type versus the way the operating system interprets the file extension to determine how it should be opened or executed as a result. This difference in interpretation has created a serious security vulnerability. An attacker can create a malicious file that appears benign but is actually dangerous.

For instance, the attacker might use an MIME type that is typically used for images, along with an executable file extension such as exe, to craft a malicious file. Although the application would visually present it as safe, as per its MIME type, the operating system would handle it based on what its actual extension is. As a result of such a mismatch, users may be misled into opening a file that appears harmless but in reality is executable and thus allowing the execution of arbitrary code unintentionally by the user. As a result of such an attack vector, the likelihood of successful social engineering attacks and system compromises increases significantly. 

There has been a significant amount of research conducted on the issue, and the findings indicate that if a deliberate discrepancy was made between the MIME type and the extension of the file, it could have led the recipient unintentionally to execute arbitrary code by manually accessing the attachment within WhatsApp's desktop application, instead of just viewing its contents. This behavior represented a considerable threat, particularly in scenarios involving the user initiating the interaction. 

Fortunately, an independent security researcher who discovered this vulnerability and disclosed it to Meta through the company's Bug Bounty Program has been credited with responsibly disclosing it to the company, but the company does not appear to have confirmed whether the vulnerability has been actively exploited in the real world. It is important to note that such a security issue has not occurred on the platform in the past. 

In July 2024, WhatsApp was able to resolve a related security issue, which allowed Python and PHP attachments to be run automatically by Windows systems with the corresponding interpreters installed—without prompting the user. In the same vein, an incident similar to that of the platform highlighted the risks associated with the handling and execution of files incorrectly. In the end, these cases emphasize the importance of rigorous input validation and consistent file interpretation across all applications and operating systems, regardless of the type of application.

Due to its vast user base and widespread adoption, WhatsApp remains a highly valuable target for cyber threat actors, whether they are motivated by financial gain or geopolitical interests. The platform has become a recurring target of malicious campaigns because of its deep integration into users' personal and professional lives, coupled with the trust it commands. There have been several incidents in which attackers have exploited security vulnerabilities within WhatsApp to gain access to users' data, exfiltrate sensitive data, and install sophisticated malware as a result. 

A zero-day vulnerability that affects WhatsApp is particularly lucrative in underground markets, sometimes commanding a price of over one million dollars. Not only does the WhatsApp user base have a large footprint, but attackers can also gain an advantage by unknowingly accessing private conversations, media files, and even device-level abilities to gain a strategic advantage. Graphite, a form of spyware developed by Paragon, had been exploited by active hackers in March 2025 as a zero-click, zero-day vulnerability which WhatsApp remedied in March 2025. 

Using this exploit, the targeted individuals could be monitored remotely, without the victim having to interact with the attacker - an example of an advanced persistent threat campaign. An investigation by a research group based at the University of Toronto uncovered this surveillance campaign, which targeted journalists and members of civil society. The Citizen Lab was conducting the investigation, which was the source of the information. 

Following their report, WhatsApp swiftly acted to neutralize the campaign. Meta confirmed that the vulnerability had been silently patched in December 2024 without a client-side update being required. Despite being resolved without a formal CVE identifier being assigned, the issue is still of great importance to the global community. In order to protect platforms of such importance from exploitation, proactive vulnerability management, continuous security auditing, and cross-sector cooperation must be adopted. 

In the wake of the successful implementation of server-side mitigations, WhatsApp sent out security notifications on January 31 to roughly 90 Android users across over two dozen countries that had been affected by the vulnerability. Journalists and human rights activists in Italy were among the individuals alerted. They were identified as the targets of an elaborate surveillance operation using Paragon Graphite spyware, which utilized the zero-click exploit of a computer system. 

An Israeli cybersecurity firm known as NSO Group has been accused of violating American anti-hacking statutes by distributing its Pegasus spyware utilizing WhatsApp zero-day vulnerabilities in December of 2016, following a pattern of highly targeted cyber intrusions utilizing advanced surveillance tools. This incident follows a broader pattern of highly targeted cyber intrusions. Several evidences were provided to the court which indicated that at least 1,400 mobile devices had been compromised as a result of these covert attacks.

According to court documents, NSO Group carried out zero-click surveillance operations by deploying multiple zero-day exploits to compromise WhatsApp's systems. As part of the spyware delivery process, malicious messages were sent that did not require the recipient to interact with them at all, exploiting vulnerabilities within the messaging platform. Aside from that, the documents also allege that NSO developers reverse engineered WhatsApp's source code to create custom tools that could deliver these payloads, conduct that was deemed to have been illegal under state and federal cybersecurity laws. 

Those cases emphasize the increasing sophistication of commercial surveillance vendors as well as the necessity for robust legal and technical defenses to protect digital communication platforms, as well as the individuals who rely upon them, from abuse. As a result of these incidents, user must remain vigilant, maintain timely security updates, and strengthen the security measures within widely used communication platforms to reduce the risk of cyber-attacks. 

There has been an increasing prevalence of threat actors using sophisticated techniques to exploit even small inconsistencies, which is why it is essential to maintain a proactive and collaborative approach to cybersecurity. To maintain a secure digital environment, platform providers and end users both need to be aware of and responsible for their role as well.
Read more »
Spyware Attack
Cyber Attacks Hacking WhatsApp Israeli Firm Israeli spyware Malicious Software Spyware Spyware Attack

WhatsApp Uncovers Zero-Click Spyware Attack Linked to Israeli Firm Paragon

 

WhatsApp has uncovered a stealthy spyware attack attributed to Israeli firm Paragon, targeting nearly 100 users worldwide, including journalists and civil society members. This zero-click attack required no user interaction, making it particularly dangerous as it could infiltrate devices without victims clicking on links or downloading attachments. 

A WhatsApp spokesperson confirmed that the company successfully identified and blocked the exploit, directly notifying those affected. The investigation, supported by cybersecurity research group Citizen Lab, revealed that the spyware could extract private messages, access call logs, view photos, and even activate the device’s microphone and camera remotely. John Scott-Railton, a senior researcher at Citizen Lab, highlighted the broader risks associated with such surveillance tools. He stressed the need for greater accountability within the spyware industry, warning that unchecked surveillance capabilities pose serious threats to personal privacy and digital security. 

Italian media outlet Fanpage.io first reported the breach, revealing that its director, Francesco Cancellato, was among the targeted individuals. WhatsApp informed him that malicious software might have compromised his device, potentially granting unauthorized access to sensitive data. In response, Cancellato and a team of independent analysts are examining the extent of the breach and working to determine who orchestrated the espionage. Paragon, which has positioned itself as a more ethical alternative to controversial spyware vendors like NSO Group, now faces increased scrutiny. 

The company had been seeking entry into the U.S. market but encountered regulatory hurdles after concerns arose over national security risks and human rights implications. The Biden administration’s executive order on commercial spyware, designed to curb the spread of digital surveillance tools, contributed to the suspension of a key contract for Paragon. Cybersecurity experts caution that even democratic governments have misused surveillance technology when regulatory oversight is inadequate. 

The exposure of Paragon’s spyware campaign raises questions about the potential for abuse, especially in the hands of entities operating with minimal transparency. Experts argue that unless stringent policies are enforced, spyware firms will continue to develop and distribute invasive surveillance tools without accountability. Paragon has yet to respond to the allegations, but the revelations about its activities are likely to fuel ongoing debates over the ethics of commercial spyware. 

This case underscores the urgent need for stronger global regulations to prevent the misuse of surveillance technologies and protect individuals from unauthorized digital intrusions.
Read more »
Malware Attack
APK CloudSEK Cyber Attacks Hacking Attack Hacking WhatsApp Indian Cyber Security Malware Attack

Vietnamese Hackers Target Indian Users with Fake WhatsApp E-Challan Messages

 

A highly technical Android malware campaign orchestrated by Vietnamese hackers is currently targeting Indian users via fake traffic e-challan messages on WhatsApp. Researchers from CloudSEK, a cybersecurity firm, have identified this malware as part of the Wromba family. So far, it has infected over 4,400 devices, resulting in fraudulent transactions amounting to more than ₹16 lakh by just one scam operator. 

Vikas Kundu, a threat researcher at CloudSEK, reported that these scammers send messages impersonating Parivahan Sewa or Karnataka Police, tricking recipients into downloading a malicious app. Once the link in the WhatsApp message is clicked, it leads to the download of a harmful APK disguised as a legitimate application. This malware then requests excessive permissions, including access to contacts, phone calls, SMS messages, and even the ability to become the default messaging app. By intercepting OTPs and other sensitive messages, the attackers can log into victims’ e-commerce accounts, purchase gift cards, and redeem them undetected. 

Kundu explained that once the app is installed, it extracts all contacts from the infected device, enabling the scam to propagate further. Additionally, all SMS messages are forwarded to the attackers, allowing them access to various e-commerce and financial apps. The attackers cleverly use proxy IPs to avoid detection and maintain a low transaction profile. The report indicates that the attackers have accessed 271 unique gift cards, conducting transactions worth ₹16,31,000. 

Gujarat has been identified as the most affected region, followed by Karnataka. To guard against such malware threats, CloudSEK advises users to stay vigilant and adopt security best practices. These include installing apps only from trusted sources like the Google Play Store, regularly reviewing and limiting app permissions, maintaining updated systems, and enabling alerts for banking and sensitive services. This campaign underscores the growing sophistication of cyber threats and the importance of robust cybersecurity measures. 

As cybercriminals continue to develop new methods to exploit vulnerabilities, it is crucial for users to remain cautious and proactive in protecting their personal and financial information. Collaboration between cybersecurity firms and users is essential to effectively combat these evolving threats and safeguard against future incidents. By staying informed and adopting best practices, users can significantly reduce their risk of falling victim to such malicious campaigns.
Read more »
User Data
Cyber Security data security Hacking WhatsApp iOS security macOS Signal Signal app User Data

Major Security Flaw in WhatsApp and Signal MacOS Apps Puts User Data at Risk

 

A significant security warning has emerged for WhatsApp and Signal users this week, urging them to consider deleting their apps, particularly on MacOS. The issue, primarily affecting Apple users leveraging multi-device functionality, highlights severe vulnerabilities in the MacOS versions of these popular messaging platforms. Security researcher Tommy Mysk, known for uncovering critical vulnerabilities, recently disclosed that both WhatsApp and Signal MacOS apps store local data, including chat histories and media attachments, in locations accessible to any app or process running on the device. 

This is a stark contrast to Apple’s iMessage, which, despite storing similar data, uses sandboxing to prevent unauthorized access by other apps. The primary concern lies in how these apps handle local data storage. While WhatsApp and Signal emphasize end-to-end encryption for secure message transmission, this protection is compromised if local data can be accessed by other apps or malware. Mysk explained that the chat histories, the core of what these apps are designed to protect, are not sufficiently safeguarded on MacOS. The vulnerability means that if a malicious app gains access to the device, it could potentially monitor and exfiltrate the unencrypted local data. 

For WhatsApp, this includes both chat histories and media attachments. Mysk warned, “WhatsApp doesn’t encrypt the local database that stores chat histories. It doesn’t encrypt media attachments sent through the chat either. A simple malware could theoretically monitor this data and send it live to a remote server, rendering end-to-end encryption useless.” Signal, on the other hand, does encrypt local chat histories but fails to encrypt media attachments. More concerning is that the encryption key for the local chat history is stored in plain text within the same folder, making it accessible to other apps. This flaw undermines the app’s security, as an attacker could clone the local data folder to another device and restore the session. 

Mysk highlighted, “Signal’s false sense of security extends to their back-end servers. When copying the entire folder containing the app’s local data and moving the copy to a different Mac, an attacker can restore the session. Signal servers let the ‘cloned’ session co-exist with the other legit sessions.” The discovery underscores the persistent risk of endpoint compromise for fully encrypted platforms. While end-to-end encryption protects data in transit, the local storage vulnerabilities in these MacOS apps open potential pathways for remote or physical attacks. 

As users continue to rely on messaging apps for secure communication, these revelations call for immediate action from both WhatsApp and Signal to address these security gaps and reinforce their data protection measures on MacOS. For now, users should remain vigilant and consider the potential risks when using these platforms on their Mac devices.
Read more »
WhatsApp
Banking Data Cyber Attacks Cyber Scams E-Commerce fake Hacking WhatsApp Malaysia Malware Attack Payment Gateway WhatsApp

The Fake E-Shop Scam Campaign Sweeping Southeast Asia, seizing users banking details

 

In recent years, cybercriminals have been increasingly employing sophisticated tactics to target individuals and organizations across the globe. One such alarming trend is the proliferation of fake e-shop scam campaigns, particularly prevalent in Southeast Asia. 

These campaigns, characterized by their deceptive methods and malicious intent, pose significant threats to cybersecurity and personal privacy. The emergence of the fake e-shop scam campaign targeting Southeast Asia dates back to 2021, with a notable surge in activity observed by cybersecurity researchers in September 2022. 

Initially concentrated in Malaysia, the campaign swiftly expanded its operations to other countries in the region, including Vietnam and Myanmar. This expansion underscores the growing sophistication and reach of cybercriminal networks operating in Southeast Asia. At the heart of these malicious campaigns are phishing websites designed to deceive unsuspecting users. 

These websites often masquerade as legitimate e-commerce platforms or payment gateways, luring victims into providing sensitive information such as login credentials and banking details. Once users are enticed to visit these fraudulent sites, they are exposed to various forms of malware, including malicious Android applications packaged as APK files. 

The modus operandi of the attackers involves social engineering tactics, with cybercriminals leveraging popular communication platforms like WhatsApp to initiate contact with potential victims. By impersonating cleaning services or other seemingly innocuous entities on social media, the perpetrators exploit users' trust and curiosity, leading them to engage in conversations that ultimately result in malware infection. 

The malware deployed in these fake e-shop scam campaigns is multifaceted and constantly evolving to evade detection and maximize its impact. Initially focused on stealing login credentials for Malaysian banks, including prominent institutions like Hong Leong, CIMB, and Maybank, the malware has since incorporated additional functionalities. These include the ability to take screenshots, exploit accessibility services, and even facilitate screen sharing, granting the attackers unprecedented control over infected devices. 

Furthermore, the attackers have demonstrated a keen understanding of the linguistic and cultural nuances of their target regions. In Vietnam, for example, the campaign specifically targeted customers of HD Bank, employing phishing websites tailored to mimic the bank's online portal and language. Similarly, in Myanmar, the attackers utilized Burmese language phishing pages to enhance the credibility of their schemes among local users. 

The implications of these fake e-shop scam campaigns extend beyond financial losses and reputational damage. They represent a direct assault on user privacy and cybersecurity, with far-reaching consequences for individuals and businesses alike. The theft of sensitive personal and financial information can lead to identity theft, unauthorized transactions, and even ransomware attacks, resulting in significant financial and emotional distress for victims. 

In response to these evolving threats, cybersecurity experts emphasize the importance of proactive measures to safeguard against malicious activities. This includes exercising caution when interacting with unfamiliar websites or online advertisements, regularly updating antivirus software, and staying informed about emerging cybersecurity threats. 

Ultimately, combating the scourge of fake e-shop scam campaigns requires collective action and collaboration among stakeholders across the cybersecurity ecosystem. By raising awareness, implementing robust security measures, and fostering a culture of cyber resilience, we can mitigate the risks posed by these insidious threats and protect the integrity of our digital infrastructure.
Read more »
Hacking WhatsApp
CPR Cyber Attacks Data Theft Hacking WhatsApp

WhatsApp Files on Dark Web Show Millions of Records for Sale

 

In mid of November, a cyber threat actor claimed on a dark web forum to have stolen the personal credentials of around 500 million WhatsApp users. Following the incident, Check Point Research (CPR) published a new advisory in which they analyzed the leaked files including 360 million phone numbers from 108 countries. 

However, data coming from each country show a different ratio of exposed data, ranging from 604 in Bosnia and Herzegovina to 35 million attributed to Italy. Additionally, in the initial days of the hack, the hackers set files for sale which included international dial codes, however, now the same data is being distributed free of cost amongst hackers. 

The hack first was exposed on 16th November in a message published by the cyber threat actor on the hacking forum named BreachForums. 

"While the information on sale does not expose the content of any messages themselves, it is still worrying to see such a large volume of phone numbers for sale on the Dark Web. There is the potential that this information could be used as part of tailored phishing attacks in the future,” Deryck Mitchelson, field CISO of EMEA at CPR said. 

Once the threat actors get the access to phone numbers of users  and then sell the same, attacks such as smishing or vishing are likely to follow. 

“The WhatsApp ‘leak’ is nothing more than phone numbers obtained from the Facebook ‘leak’ that took place in 2019. The sample of 5000 WhatsApp data records from Poland is identical to those we already saw in 2019,” Paciorek claimed. 

According to the technical data, Smishing (phishing via SMS) and Vishing (phishing via voicemail) attacks have been observed excessively in the past few years, and it is highly likely these types of attacks will increase. Often these texts come from your bank, asking you to grant personal or financial information including your account or ATM number. Users must remain wary of such texts that appear to be from suspected sources.
Read more »
Spam
Hacking Instagram Hacking WhatsApp Phishing and Spam Spam

Experts have revealed the cost of hacking accounts in social networks

 The most popular social networks and messengers for hacking attempts are VKontakte (VK), Instagram, Telegram and WhatsApp, while the price can vary from $10 to $2,300. This is stated in a study conducted by Bi.Zone.

"We analyzed ads on the darknet from May 2020 to August 2021. In different months, the cost of hacking varied dramatically. This could be due to a situation where some sellers are not actually providing a service but are simply scamming people. They are the ones who can actively dump on the market. Real hackers set their prices based on the time spent. Sometimes they can search for a password in a leak which will significantly reduce the search price. If there is an insider attacker from the developer company, then most likely the high price will be due to the usual risk for the criminal", said Evgeniy Voloshin, director of BI.ZONE expert services block.

The analysis showed that the price of the offer to hack an account in VK varies from $10 to $160. Scammers most often offer to hack this social network.

According to experts, the social network Instagram remains in second place in popularity among hackers. The scammers estimate the cost of their services at $540.

Among messengers, Telegram and WhatsApp hacking offers are leading in popularity. For violating the privacy of these applications, scammers charge from $410 to $2,300 and from $270 to $1,770.

Hacking a personal mailbox, according to analysts, remains another popular service among scammers, the cost of which ranges from $40 to $1,500, respectively.

Voloshin recommends using long passphrases, password managers and a two-factor authentication system to avoid hacking personal accounts. Also, in his opinion, it is important not to store data in cloud services and not to send it in messengers, connecting to an unknown Wi-Fi source.

Read more »
Subscribe to: Posts (Atom)