14th May 2019 – A new spyware has been detected on WhatsApp app that allows the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection. The user would not even be aware as long as his/her phone is switched on.
All hackers need to do is to carefully manipulate packets of data sent during the process of starting a voice call with a victim; when these packets are received by the target’s smartphone, an internal buffer within WhatsApp is forced to overflow, overwriting other parts of the app’s memory and leading to the snoop commandeering the chat application.
WhatsApp says a vulnerability in the app let mobile phones be infected with sophisticated spyware with a missed in-app call alone. Repeated calls – even if not attended – over WhatsApp let the hackers install spyware on both iPhone and Android devices. The call log then could disappear removing all trace of the deception, the Financial Times reported.
Spokesperson from the Facebook subsidiary said recently that “an advanced cyber actor” has already infected many users with the malware in early May. Meanwhile, technicians from WhatsApp are working to fix the issue.
WhatsApp has a total 1.5 billion active users worldwide in more than 180 countries.