Click to Skip Ad
Closing in...

WhatsApp users need to know about these 2 key threats

Updated Dec 26th, 2019 9:30PM EST
WhatsApp Email Malware Emoji Crash Chat
Image: Fast Company

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

More than 900 million people use WhatsApp on a regular basis, making the Facebook-owned app one of the most popular communication tools out there. WhatsApp offers encrypted instant messaging, voice calls and file transfers, making it a must-have app for many smartphone users. The app is available for a plethora of mobile operating systems, including computers, though it needs to be installed first on a smartphone.

Considering its massive popularity, it’s no surprise to hear that hackers are targeting WhatsApp users with specially crafted malware. On top of that, a serious bug might be used by some people to crash certain WhatsApp chats.

Security firm Comodo Labs discovered a new malware attack that targets businesses and consumers who use the application. The phishing scheme attempts to convince users to click on links that hit their email disguised as an official email from the company.

Hackers are using various subject lines to convince you to click on the contents of the email, such as “You have obtained a voice notification xgod,” or “A brief audio recording has been delivered! Jsvk.” The body of the email contains imagery and text to convince you the email is from WhatsApp (see image below), but you shouldn’t click on it. Better yet, report the message as spam as soon as you see it.

You should remember that your smartphone number is what identifies you in the WhatsApp network, so the company would have no reason to send you emails about anything. Moreover, your friends and family will send you pictures and audio recordings directly inside WhatsApp, and notifications will appear directly on the screen. No email is involved whatsoever.

The second threat you should know about involves emojis. A teenage hacker discovered that by entering thousands of emojis into a message, the app can be crashed both on the web and on mobile.

“In WhatsApp Web, WhatsApp allows 6500-6600 characters. But after typing about 4200-4400 smiley browser starts to slow down,” Indrajeet Bhuyan said. “But since the limit is not yet reached so WhatsApp allows to go on inserting. So it crashes while we type and send and in mobile too when it [the mobile app] receives it overflows the buffer, and it crashes.”

The exploit crashes the app on PC (Firefox and Chrome), and on Android (Marshmallow, Lollipop and KitKat), while on iPhone it just freezes the app a few seconds, rather than crashing it completely. A video showing the bug follows below.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.