WhatsApp has been transformed into a hub of many updates that improve the user experience, even occasionally like this critical vulnerability: content, images and conversations.
Security company Ko Security has alerted you to an attack that compromises user information, including sent and received messages, a complete list of contacts, multimedia archivesdocuments as well as access and authentication keys.
This vulnerability is no less Act like a teacher at our houseallowing an attacker to perform any type of malicious action, whether by stealing information or verifying an account.
If it is malware affected more than 56,000 users who used a popular tool related to the most used messaging app in Spain.
Nadia imagined that this tool for WhatsApp will be on the channel Because of this, attachments will have access to all user account content.
Baileys, one development library for WhatsApp was recognized for its efficiency and features such as creating bots or automation on the WhatsApp site, it was the platform used to infiltrate WhatsApp.
The “lotusbail” package contained corrupted code and was available in the registry of software commonly used by JavaScript developers. Baileys is included in this package.
One of his most alarming features: was undetectable. It is said to be run covertly while collecting credentials or even intercepting text messages or recording conversations Hypertext.
A serious vulnerability that particularly affects advanced users such as descarrollers due to the use of a library intended for such purposes.
This means that even if regular users aren’t directly affected, it’s not a major security breach that allows an attacker more freedom to steal credentials, receive messages, and even access a user’s photos and videos.
no embargo, this can be prevented in a very simple way using WhatsApp’s “Connected Devices” tool.
The list must contain all devices that we have connected manually using a QR code at any time. If we detect any suspicious device, we simply have to delete it.
Effective malware that shows no signs of malicious behavior once installed, verified, and deployed to production. Malicious code can never be revised if the system is working properly, and this is the main strategy of attackers.
Leave a Reply