Users of WhatsApp Web (the browser-based version of the app) were recently targeted with an image-based security threat where simply clicking an image could have hacked their accounts.

A security vulnerability was present in WhatsApp Web and it was recently patched by WhatsApp. By exploiting this vulnerability, an attacker could send a malicious code (virus or malware) hidden within an image to their target. And clicking this image would let the attacker take control of the victim’s WhatsApp account and access all its data – pics, videos, chats, contact lists, everything. And by having access to the contact list, the attacker could send the same infected image to the victim’s contacts – spreading it to others and making this attack into some kind of a fission reaction – one infection leads to another and so on.

The same security vulnerability was also detected in the browser-based version of another popular messaging app Telegram. Good news is, the flaw has been fixed for both of them.

Points to remember:

  • This security flaw does not affect the mobile apps of WhatsApp and Telegram. This does not mean that these apps won’t be affected in the future.
  • Avoid clicking documents, images or links received from unknown numbers.
  • If received from a known sender, ask them about what the content is about.
  • Always use an updated version of mobile apps.
  • Install a reliable mobile antivirus that can detect and block installation of fake or harmless apps.