If you're a WhatsApp user, there's some important information you should be aware of. The Indian government has issued a warning for millions of WhatsApp users due to a serious bug found in the popular instant messaging app owned by Meta. This alert comes from the Indian Computer Emergency Response Team (CERT-In), an agency operating under the Ministry of Electronics and Information Technology. According to CERT-In, individuals using WhatsApp on their computers or laptops should exercise caution. They have issued a high-severity alert specifically for those who access the app on desktop devices.
Risk for users
The agency indicates that a significant vulnerability has been identified in WhatsApp's desktop application, which allows hackers to potentially gain access to your device and the app itself. Currently, any version of WhatsApp Desktop prior to 2.2450.6 is particularly susceptible to spoofing attacks. Exploiting this bug, hackers and scammers can steal personal information as well as compromise user accounts.
Exploitation by hackers
CERT-In notes that the vulnerability stems from a technical flaw in how files are opened in the desktop version of WhatsApp. This bug arises from a lack of alignment between the MIME type and file extension, leading to issues when opening attachments. At times, WhatsApp fails to properly recognise certain files. Hackers can exploit this weakness to create harmful attachments disguised as legitimate files. To protect yourself from potential fraud, the agency strongly recommends that users update their app immediately.
In recent times, social media platforms have increasingly become avenues for hackers and scammers to defraud users. There have been numerous reports of scams occurring via WhatsApp. A moment of carelessness could lead to significant losses, so it is crucial to remain vigilant while using this instant messaging service. CERT-In advises against clicking on unknown links received through WhatsApp and suggests not engaging with unfamiliar numbers.
ALSO READ: Dangerous WhatsApp image scam: Cybercriminals hide malware, hack phone for OTP to empty bank account