Mumbai: Maharashtra cyber police on Monday issued an advisory highlighting a vulnerability in the instant messaging application WhatsApp (WA), which was discovered by Facebook last week.
The advisory states that the malware exploits WA by triggering a stack-based buffer overflow in its memory. This malware attack could prominently be of two types — denial of service (DoS) attack or a remote code execution (RCE).
Police said that this malware is disguised as an MP4 media file, which would be embedded in the device, while leading to dysfunction in the handset for a short period of time.
Once this happens, the user loses control over the application and the handset, as the malware accesses the core memory of all applications that hold the incoming data and the buffer memory.
A senior cyber official advised users to turn off their auto-download option for media files and update their WhatsApp application, but this should also be done for all the social media applications on the cellphone.
Police and the concerned parties are yet to ascertain when this vulnerability on WhatsApp was made and the number of users who could have become victims of the malware attack before it was discovered. Moreover, the intent of this malware is still unknown.
Police said that the nature and intent of the malware is not yet known to them. In fact none of the parties are aware of the damage caused.
Explaining the types of malware that could be embedded, a cyber expert said, a DoS attack involves pinging a single server from a large number of infected devices, causing the server to get overburdened and crash.
