WhatsApp Flaw Helped Send Spyware With a Voice Call (May 13, 2019)
The Facebook-owned messaging application, “WhatsApp,” has confirmed that it was affected by a vulnerability that affects Android, iOS, and Windows phone operating systems. The vulnerability was identified after compromised parties informed WhatsApp that spyware, believed to be created by the Israeli firm “NSO Group,” was found their phones. Threat actors could exploit the vulnerability residing in the Voice Over IP (VOIP) function by sending custom-created packets to manipulate WhatsApp’s memory to allow for remote code execution.
Recommendation: WhatsApp has released an updated version to address this vulnerability that should be downloaded as soon as possible to avoid potential malicious activity. This story depicts the importance of having software maintenance policies in place for you organization. Therefore, it is important Always keep your mobile phone fully patched with the latest security updates. Only use official locations such as the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.