Security researchers have warned WhatsApp users about a serious vulnerability that allows attackers to crash a group chat with a destructive app-killing message and permanently delete the entire group chat history.
App-killing group message
In a report published by cyber-security firm Check Point Research on Tuesday, researchers revealed that the WhatsApp bug, which was first identified in August, allowed the malware to be delivered onto devices via a malicious group message shared by a group participant.
As soon as the message is opened, the Facebook-owned app will crash and trigger a crash loop, denying users access to all WhatsApp functions - a problem that can only be fixed by completely uninstalling and re-installing the app.
Even after WhatsApp is re-installed, users will not be able to re-join the affected group, and users who do not have their data backed up will permanently lose all the messages and media content exchanged in that group.
Check Point researcher Oded Vanunu explained that these malicious malware-laced messages pose a serious security risk as the messaging app is used by more than 1.5 billion people across the world. "Denial of service scenarios have been seen before on WhatsApp," he noted, "but not where you need to uninstall the app. This is very aggressive. Users who do not back up will lose everything. Users that are not technical won't be able to activate WhatsApp anymore."
How to safeguard your WhatsApp account?
After the cyber-security firm disclosed its findings to WhatsApp, the company acknowledged the bug and rolled out a fix to resolve the issue. It also added new controls to prevent people from being added to unwanted groups and to avoid communication with unknown parties.
Users, especially those who haven't updated WhatsApp since the middle of September, are advised to download the latest version to prevent crashes caused by these malicious group messages.
The latest fix comes weeks after WhatsApp was found to have a vulnerability that hackers could exploit to trigger remote code execution (RCE) or denial-of-service (DoS) attacks via a specially crafted malicious MP4 file, as we previously reported. In September, WhatsApp also rolled out a bug fix for a security flaw that allowed attackers to steal a user's files and messages using a malicious GIF file.