Reports this week have brought the public’s attention to the latest malware threat for Whatsapp users. What’s particularly worrisome about the malicious threat is that a missed call is all it takes to compromise your device.
Here is what you should know about this particular Whatsapp vulnerability…
What does this Whatsapp malware do?
The malicious software in this attack exploits a vulnerability in the Whatsapp messaging app in order to spy on smartphone users.
According to Kaspersky Labs, the spyware makes its way onto your device through a call on Whatsapp.
[The vulnerability] allowed hackers to eavesdrop on users, read their encrypted chats, turn on the microphone and camera, and install spyware that allows even further surveillance, such as browsing through the victim’s photos and videos, accessing their contact list, and so on,” Kaspersky says on their security blog.
To add to the threat, this malware can infect devices with a hacker simply calling the victim on Whatsapp.
According to The Register, you don’t even need to answer the call. Your phone simply needs to be on.
How to protect yourself from the Whatsapp exploit
The good news is that the vulnerability has been patched in the latest version of Whatsapp.
According to Facebook, the company that owns Whatsapp, the specific versions of Whatsapp affected by the vulnerability include: WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
In order to protect yourself from the vulnerability, you need to make sure that your version of Whatsapp is up-to-date.
You can do this by visiting the Google Play Store or App Store on your device. If you need to update your version, you will see an “Update” button on the right of the Whatsapp app page.
If you have the latest version installed, you will see a button that says “Open” instead.
How can I tell if I was affected by the Whatsapp exploit?
Unfortunately, there’s no clear way to tell whether your phone has been targeted in the Whatsapp exploit.
After all, researchers are unclear exactly which malicious app is injecting the spyware onto devices. However, it is most likely spyware named Pegasus.
The good news, if it is Pegasus, is that this sophisticated malware (that is costly to develop) is usually deployed by hackers working on the behalf of states. This means that they aren’t targeting regular people or general consumers.
Rather, those at risk are high-value intelligence targets such as politicians and state officials.
However, you should still update to the latest version of Whatsapp since the presence of a vulnerability always leaves your cybersecurity at risk.
After all, now that the vulnerability is public knowledge, more people could try to exploit it.