WhatsApp alert as millions of Android users warned of another serious security threat

0
35


WhatsApp fans who use Android smartphones to send and receive their messages are being put on alert once again.

The latest warning comes from the team at Symantec who have uncovered a flaw which could leave millions of users open to attack from cyber criminals.

The problem, which also affects Telegram, stems from the lapse in time between when media files received through the apps are written to external storage, and when they are loaded in the apps’ chat user interface.

Android phones can store media either locally or away from the device with this second option most generally set as the default option.

This issue has been dubbed “Media File Jacking” and, if exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and even voice memos.

For example, a malicious actor could manipulate an invoice sent by a vendor to a customer, to trick them into making a payment to an illegitimate account.

Symantec says this threat is especially concerning given the perception that security mechanisms like end-to-end encryption render this new generation of IM apps immune to privacy risks.

WhatsApp has responded to the research with the Facebook-owned company saying in a statement to The Verge: “WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem.

“WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development.”

This new threat comes just days after another major WhatsApp issue was discovered.

Security experts are warning that as many as 25million Android fans have been affected by malware dubbed Agent Smith.

Named after the nefarious villain from The Matrix films, the malware replaces apps such as WhatsApp with fake ones that generate ad revenue for scammers.

Users in the UK are among those affected, alongside Android users in the US and Australia.

WhatsApp fans were alerted about the Android security threat by experts at Check Point, who outlined the Agent Smith malware in a blog post.

“Check Point researchers recently discovered a new variant of mobile malware that has quietly infected around 25 million devices, while the user remains completely unaware,” the firm stated.

“Disguised as a Google related application, the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user’s interaction.”

If you have been affected by the Agent Smith Android threat then here’s how you can remove any nefarious apps on Android, according to Check Point…

– Go to Settings Menu

– Click on Apps or Application Manager

– Scroll to the suspected app and uninstall it

– If it can’t be found then remove all recently installed apps



Source link

Advertisements

Leave a Reply