WhatsApp by Facebook is an instant messaging app that lets you send anything which you want to share with your loved ones. But there is bad news for all those who love to “WhatsApp” their friends and family every time.
A new spyware threat called “PEGASUS SPYWARE” is out there. This spyware compromises your WhatsApp data even your personal data present on the phone.
WhatsApp itself confirmed that there is a vulnerability present in WhatsApp which this Spyware is violating.
How hackers use PEGASUS SPYWARE
According to WhatsApp hackers can use this spyware to take control of your device data. The vulnerability present in WhatsApp can be triggered by an infected MP4 video. So, hackers will send you a malicious video file of MP4 format to take control of your device data.
This malware will produce an error of DOS (Denial of service) due to buffer overflow. After which Remote code execution will take place and all your data will be transferred to hackers.
How to be safe
As per WhatsApp, you should update your WhatsApp now to be safe from “Pegasus Spyware”. Once you have updated your WhatsApp you will be safe from this spyware.
Moreover, people keep auto media download ON even for unknown numbers, this makes it easier for hackers to send any malicious file. So, just keep auto-download on for your contacts and trusted persons.
Advisory from Facebook
Facebook released an advisory in view of this vulnerability present in WhatsApp, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100“.