Why is Meta slow to take measures to protect users?
The latest version of WhatsApp for Windows hides a serious vulnerability. It allows attackers to send attachments with Python and PHP scripts that run without warning as soon as the recipient opens them.
The problem is similar to the Telegram for Windows security flaw revealed in April. At that time, the developers initially dismissed the report but later fixed the issue. In the case of Telegram, attackers could bypass security warnings and execute code remotely by sending a Python file with the extension .pyzw via the messenger.
Saumanjit Das, a security expert, came across this vulnerability while experimenting with different types of files attached to WhatsApp messages. He found that the app does not block the launch of .PYZ (Python ZIP app), .PYZW (the PyInstaller program) and .EVTX (Windows Event Log) files.
Additional research conducted by BleepingComputer confirmed Das's findings and showed that PHP scripts are also missing from the WhatsApp blacklist.
For a successful attack, Python must be installed on the victim's computer, which narrows the range of potential targets to software developers, researchers, and advanced users. However, this restriction does not reduce the severity of the problem.
Interestingly, WhatsApp blocks many other potentially dangerous file types. For example, when trying to send files with the extensions .EXE, .COM, .SCR, .BAT or Perl, the application issues a warning and offers the user only two options: "Open" or "Save as". However, an attempt to open such a file leads to an error, leaving users with only one option: saving the file to disk and running it from there.
Das reported the issue to Meta on June 3, but received a response on July 15 that another researcher had already raised the issue. Despite this, when Das contacted BleepingComputer, the bug was still present in the latest version of WhatsApp for Windows (v2.2428.10.0).
A company representative said that they do not consider this a problem on their part and do not plan to make corrections. Instead, WhatsApp focuses on warning users not to open files from strangers, regardless of which application they are received in. In addition, a WhatsApp representative spoke about the built-in security system. It warns users if they receive text messages from someone outside their contact list or with a phone number registered in another country.
However, experts note that if the account is hacked, the attacker will be able to send malicious scripts to all contacts in the list, and it will be easier to execute them directly from the messenger. Moreover, such attachments can get into public and private group chats, which opens the way for hackers to distribute malicious files en masse.
Das is extremely disappointed with WhatsApp's actions. In his opinion, "it is enough to add the .pyz and .pyzw extensions to the blacklist to prevent potential attacks through Python files."
At the time of publication, WhatsApp had not explained why the PHP extension is not blocked. For now, WhatsApp for Windows users are advised to take extra care when opening attachments, especially if they contain Python or PHP scripts.
Source
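The blacklist check the article describes can be sketched as an attachment filter. This is an added example, not WhatsApp's code or code from the original post: the function names are hypothetical, ".pl" for Perl is an assumption (the article only says "Perl"), and the content check for Python ZIP apps goes beyond the extension list Das proposes.

```python
import io
import zipfile

# Extensions named in the article. ".pl" for Perl is an assumption; the
# article only says "Perl".
BLOCKED_PER_ARTICLE = {".exe", ".com", ".scr", ".bat", ".pl"}
NOT_BLOCKED_PER_ARTICLE = {".pyz", ".pyzw", ".evtx", ".php"}
BLOCKLIST = BLOCKED_PER_ARTICLE | NOT_BLOCKED_PER_ARTICLE


def effective_extension(filename):
    """Return the extension Windows would use to pick a handler."""
    # Windows ignores trailing dots and spaces and compares case-insensitively.
    name = filename.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""


def is_python_zipapp(data):
    """True if the bytes are a ZIP archive with a top-level __main__.py."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return False
    with zipfile.ZipFile(buf) as archive:
        return "__main__.py" in archive.namelist()


def triage(filename, data):
    """Classify one attachment: a block reason, or "allow"."""
    ext = effective_extension(filename)
    if ext in BLOCKLIST:
        return "block:extension " + ext
    if is_python_zipapp(data):
        return "block:zipapp-content"
    return "allow"


def make_sample_zipapp():
    """Constructed sample: a harmless in-memory Python ZIP app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("__main__.py", "print('constructed sample')\n")
    return buf.getvalue()


if __name__ == "__main__":
    app = make_sample_zipapp()
    for name, data in [("tool.PYZW", app), ("tool.pyz. ", app),
                       ("archive.bin", app), ("notes.txt", b"hello")]:
        print(f"{name!r:14} -> {triage(name, data)}")
```
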