0

According to welivesecurity, there are many WhatsApp accounts becoming somehow compromised and messages being sent from that account. How do attackers achieve this without the installation of malware?

Typically, the user has provided details (seemingly insufficient for a WhatsApp hack) through a browser. I was wondering whether they maybe exploit a vulnerability that allow them to execute a payload through a browser? Similar to what jailbreakme.com did with the iOS pdf.

Vilican
  • 2,703
  • 8
  • 21
  • 35
  • 1
    Where in the linked article does it say that messages are sent from a victim's account? Only thing I see is a Disqus comment from someone who claims to have gotten a message from a friend. But that might also just be a gullible friend sharing the "good news". – S.L. Barth Oct 26 '16 at 09:38
  • 1
    Apologies, I must have referenced the wrong article. Nevertheless, I can assure you messages are sent from the victim's whatsapp account in most of these attacks http://www.thisismoney.co.uk/money/news/article-3423132/Scam-Whatsapp-messages-friends-contain-dodgy-links-hijack-phones.html –  Oct 26 '16 at 10:52
  • I must say, also, the reason I'm looking into this (aside from my interest in security) is because I've just received one of these messages from a friend; she didn't send this herself. Nor did she install any app or update. –  Oct 26 '16 at 11:05
  • 1
    I'd tell her to change her password, even just as a precaution. – INV3NT3D Oct 26 '16 at 12:25
  • They just trick WA into believing their phone number is your (victim's) phone number. Related: http://security.stackexchange.com/a/108423/44336 – Mindwin Oct 26 '16 at 13:57

0 Answers0