WhatsApp users have been reporting that they are receiving links that claim to turn the application’s theme from its trademark green to pink. It also promises ‘‘new features” that have not been specified. Cyber experts have warned users to refrain from opening any such link. The concerning part is that the link has been masked as an official update from WhatsApp which is making people oblivious to its malicious intent. If a user clicks on the link, their phones might get hacked and they may even lose access to their Whatsapp account. As is the norm with WhatsApp users, many of them have been sharing this link unknowingly.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Burak Agca
Burak Agca , Security Engineer
InfoSec Expert
April 20, 2021 12:38 pm

<p>Malware exists on mobile phones and tablets in the same way as they always have on PC. Attackers use the lure of new product features to socially engineer users into downloading malware. We see our mobile devices as extensions of ourselves and think of them as inherently secure. With such a heavy focus on user privacy and freedom of inspection, many people are hesitant to leverage a security solution on their smartphone or tablet. This hesitation means that mobile users could be exposed to countless mobile threats without ever knowing it. Attackers take advantage of these knowledge gaps to infiltrate devices and steal sensitive data. </p> <p> </p> <p>In many cases, an app or operating system vulnerability is the door into an organization’s infrastructure. Without visibility into vulnerable app or OS versions on employee devices, you have no way of knowing whether your organization is at risk and can’t proactively create access policies based on that data. However, steps can be taken in order to protect employees and their devices:</p> <p> </p> <ul> <li>Ensure all your employees have the latest version of WhatsApp. To make this clear, implement a policy that requires them to update to the latest version of the app before they can or access corporate resources. </li> <li>Protect employee devices from mobile phishing attacks. With everyone working remotely, you need mobile phishing protection that works regardless of where your workers are and can defend against phishing attempts on third-party chat platforms, social media apps, and SMS. </li> <li>Make sure no customer data is being collected outside your corporate infrastructure in a way that could violate GDPR. Implement compliance-specific policies across your entire mobile fleet, especially if you allow employees to use their own devices for work. Implement security controls that can check whether apps are being delivered from an official app store source and determine any threats present within the app.</li> <li>Ensure apps are vetted before sanctioning them for corporate use.</li> </ul>

Last edited 1 year ago by Burak Agca
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x