A vulnerability in GIF images which are exploited to hack Android users through WhatsApp has been discovered by a Vietnamese security researcher, Pham Hong Nhat, in May this year. The payload is executed under WhatsApp’s context, therefore, it has the permission to read the SD card contents and access the WhatsApp’s message database which includes recording audio, accessing the camera and file system, as well as WhatsApp’s sandbox storage.
An attacker just needs to send a malicious GIF file to the victim’s Android Smartphone via any online communication platform and wait for the victim to open the image gallery in WhatsApp. However, the attackers need to send a document file rather than media file attachment if he wants to use messaging channel like WhatsApp or Messenger. This is due to the image compression used by these channel distorts the malicious payload hidden in images.
WhatsApp has recently patched a critical security vulnerability in its app for Android. Therefore, Condition Zebra (an International IT security services, Training and Certification provider) would like to recommend all Android users to update your WhatsApp to the latest version from the Google Play Store as soon as possible. Don’t be a victim of cybercrime.