Being the most popular instant messaging app, WhatsApp offers different clients for each operating system. WhatsApp for Windowsalso called WhatsApp Desktop, offers a good experience despite its similarities to WhatsApp Web, accessible from any browser.
However, like any other software, it is susceptible to bugs that can cause problems for users. This is the case with bug which is found in Pplware, which represents a great threat compared to the receiving files. We explain what it is and how to avoid it.
WhatsApp and Python, a dangerous combination
Despite Meta’s efforts to protect its messaging application, various vulnerabilities sometimes appear that hackers exploit to attacking users of the platform. Fortunately, to avoid invasions of our account, we have a setting that is important to review from time to time and to protect our discussions, there are two security tips.
However, each WhatsApp client is a world, and in this sense, the Windows PC version hides a serious security breach What Meta has not covered at the moment. When a contact sends us a file, a photo or an audio via WhatsApp, the service blocks those potentially dangerous, to guarantee our safety.
Of course, there are exceptions, and very dangerous ones, it must be said. In the WhatsApp client for Windows, they can send you a attachment in Python and PHP which will be executed without notice. Of course, in such a case, if the attacker wants to succeed, the user must have Python installed.
This greatly limits the target users, because It is aimed primarily at software developers and advanced users.. This fact does not diminish its importance in any way: there are three types of files that the WhatsApp client for Windows does not block.
- .PYZ format: Python application in a ZIP file
- .PYZW format: PyInstaller program
- .EVTX format: Microsoft event log
These were spotted by security researcher Saumyajeet Das while he was experimenting with the types of files that could be attached in Meta app chats. As we read in the middle, further testing confirmed this issue and also added another equally serious one: WhatsApp “swallows” the PHP script executions.
All it takes is receiving one of these files and pressing the “Open” button for our security to be compromised. The aforementioned researcher reported this bug to Meta on June 3. More than a month later, the company responded that the issue had been reported and should now be resolved.
This did not happen, as it is still present in the current public version of WhatsApp for Windows. So we can only continue to wait and protect ourselves from this threat. How? Mainly, not allowing users who are not contacts to send us files, and if we ever find a file of this type, the best thing would be to ignore it.
By | Software
Cover Image | Microsoft Designer with Photoshop AI
In Xataka Android | How to update WhatsApp for Android to the latest version
