What you need to know about the Whatsapp ‘missed call’ malware

Reports this week have brought the public’s attention to the latest malware threat for Whatsapp users. What’s particularly worrisome about the malicious threat is that a missed call is all it takes to compromise your device.

Here is what you should know about this particular Whatsapp vulnerability…

What does this Whatsapp malware do?

The malicious software in this attack exploits a vulnerability in the Whatsapp messaging app in order to spy on smartphone users.

According to Kaspersky Labs, the spyware makes its way onto your device through a call on Whatsapp.

[The vulnerability] allowed hackers to eavesdrop on users, read their encrypted chats, turn on the microphone and camera, and install spyware that allows even further surveillance, such as browsing through the victim’s photos and videos, accessing their contact list, and so on,” Kaspersky says on their security blog.

To add to the threat, this malware can infect devices with a hacker simply calling the victim on Whatsapp.

According to The Register, you don’t even need to answer the call. Your phone simply needs to be on.

How to protect yourself from the Whatsapp exploit

The good news is that the vulnerability has been patched in the latest version of Whatsapp.

According to Facebook, the company that owns Whatsapp, the specific versions of Whatsapp affected by the vulnerability include: WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

In order to protect yourself from the vulnerability, you need to make sure that your version of Whatsapp is up-to-date.

You can do this by visiting the Google Play Store or App Store on your device. If you need to update your version, you will see an “Update” button on the right of the Whatsapp app page.

whatsapp google play screenshot

If you have the latest version installed, you will see a button that says “Open” instead.

How can I tell if I was affected by the Whatsapp exploit?

Unfortunately, there’s no clear way to tell whether your phone has been targeted in the Whatsapp exploit.

After all, researchers are unclear exactly which malicious app is injecting the spyware onto devices. However, it is most likely spyware named Pegasus.

The good news, if it is Pegasus, is that this sophisticated malware (that is costly to develop) is usually deployed by hackers working on the behalf of states. This means that they aren’t targeting regular people or general consumers.

Rather, those at risk are high-value intelligence targets such as politicians and state officials.

However, you should still update to the latest version of Whatsapp since the presence of a vulnerability always leaves your cybersecurity at risk.

After all, now that the vulnerability is public knowledge, more people could try to exploit it.


2 Comments Add yours

  1. marle prinsloo says:

    Thanks – super helpful.

    Liked by 1 person

    1. Megg says:

      Thanks for the comment 🙂 So glad you found it useful!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s