WhatsApp for web a malware risk

The WhatsApp Web application used by over 200 million users globally has been found to contain several vulnerabilities that can trick victims into installing malware onto their computers.

According to Net Security, an attacker “simply needs to send a WhatsApp user a seemingly innocent vCard contact card, containing malicious code. Once opened in WhatsApp Web, the executable file in the contact card can run, further compromising computers by distributing malware including ransomware, bots, remote access tools (RATs), and other types of malicious code.”

The attacker only needs the phone number associated with the WhatsApp account.


WhatsApp announced this month that they had reached 900 million active users a month, of which at least 200 million are estimated to use WhatsApp Web.

WhatsApp Web “mirrors all messages sent and received (includes images, videos, audio files, locations and contact cards), and fully synchronises users’ phones and desktop computers so that users can see all messages on both devices.”

WhatsApp has already developed a fix for this vulnerability, which it started to deploy last week. WhatsApp users are urged to update their software to ensure they are protected.

All versions of WhatsApp Web after v0.1.4481 contain the fix for the vulnerability.

Are your employees using WhatsApp Web?

Malware CAN result in catastrophic consequences for your business.

Cyber Essentials, the new certification scheme to help businesses maintain basic cyber hygiene, supports the implementation of five basic controls, including malware protection and patch management.

Find out how Cyber Essentials certification (accreditation) for only £300 per year can help protect your business against up to 80% of Internet-based attacks and help you secure new business.