The Windows client for popular instant messaging platform WhatsApp has a rather worrying flaw, but owner Meta apparently doesn’t think it should be the one addressing it.
Instead, it believes that it falls upon the user to be careful not to get infected – but fortunately, the attack surface seems to be rather small, so you should be safe.
Security researcher Saumyajeet Das analyzed WhatsApp for Windows, to see which file types the client can run natively. The majority of risky ones, such as .EXE, .COM, .SCR., or .BAT were blocked, and can only be run if first saved to the computer’s hard drive. However, there are a few that the client runs directly – .PYZ (Python ZIP app), .PYZW (PyInstaller program), and .EVTX (Windows event Log file).
Negative response
In other words, if the victim clicks “Open” on any of these files in WhatsApp, they will execute the script (including malicious code) instantly. The caveat here is that the victim first needs to have Python installed which, apparently, not many people do.
According to BleepingComputer, this prerequisite limits the targets to software developers, researchers, and power users.
Das reported the problem to Meta in early June 2024, and got a response a month and a half later, saying that the issue was already reported. Apparently, Meta will not be addressing it, at all. In a statement given to BleepingComputer, the company basically said it’s up to the users to make sure they don’t open malicious files:
“We’ve read what the researcher has proposed and appreciate their submission. Malware can take many different forms, including through downloadable files meant to trick a user,” the statement reads. “It’s why we warn users to never click on or open a file from somebody they don’t know, regardless of how they received it — whether over WhatsApp or any other app.”
+ There are no comments
Add yours