If you have an Android device and you use the WhatsApp tool to communicate, be on the lookout for potentially malicious GIFs.
Not quite sure what a GIF is? Well, if you’ve ever received a text with a funny moving picture (they range from movie quotes to cat video clips), that is a GIF. They make us laugh, reinforce themes in our conversations, and we love to send or receive them. How could someone turn something so friendly and usable into something so harmful to our devices? That’s a question we ask ourselves every day, considering how many applications have been transformed to work against us for cyber-attackers’ gains.
WhatsApp is a widely used application that costs virtually nothing as long as your smartphone or device is connected to the internet. The Voice over IP service lets users send texts, make voice and video calls, leave voice messages, and send images, documents, locations, and GIFs to other users. It’s a nice option if you can only operate over wi-fi and have no service provider for SMS messaging.
Now, the GIF security flaw is reportedly a “double-free bug” existing in the WhatsApp application for all Android versions below 2.19.244. This type of vulnerability occurs “when the free() parameter is called twice on the same value & argument in software,” and can lead to “memory leaking or becoming corrupted and this gives an attacker the chance to overwrite elements or even execute arbitrary code.”
If you’re not a programmer, the simplest way to restate that is: while coding, “Freeing a resource more than once can lead to memory leaks. The allocator’s data structures get corrupted and can be exploited by an attacker.”
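To make the bug shape concrete, here is an added example (not code from the article, WhatsApp, or the linked heap-exploitation guide). It models a constructed decoder that reuses one output buffer across frames, frees that buffer on a malformed frame without clearing the pointer, and so lets the caller’s cleanup free it a second time. A small tracking allocator, written here only for illustration, catches the second free() and reports it instead of letting the C library’s allocator bookkeeping become corrupted; the hardened version of the same function clears the pointer after freeing, which is the standard fix. The decoder, the frame bytes, and the tracking table are all constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracking allocator: remembers which pointers are live so a
 * second free() of the same pointer is detected rather than passed to libc.
 * This is a teaching aid, not a replacement for AddressSanitizer or similar. */
#define TRACK_MAX 64
static void *live[TRACK_MAX];      /* pointers currently allocated */
static int double_free_count = 0;  /* number of double frees caught so far */

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p == NULL) return NULL;
    for (int i = 0; i < TRACK_MAX; i++) {
        if (live[i] == NULL) { live[i] = p; return p; }
    }
    free(p);          /* tracking table full: treat as an allocation failure */
    return NULL;
}

/* Returns 1 when p was live (or NULL) and is now released, 0 when p was not
 * live, i.e. this call would have been a double free. The real free() is
 * deliberately NOT called in the 0 case. Caveat: the check is only meaningful
 * while no new allocation has reused the same address in between. */
static int tracked_free(void *p) {
    if (p == NULL) return 1;   /* free(NULL) is a no-op by the C standard */
    for (int i = 0; i < TRACK_MAX; i++) {
        if (live[i] == p) { live[i] = NULL; free(p); return 1; }
    }
    double_free_count++;
    return 0;
}

/* Constructed stand-in for a frame decoder with one reusable output buffer. */
typedef struct { unsigned char *buf; size_t cap; } decoder;

/* Buggy shape: on a malformed frame the buffer is freed, but d->buf still
 * points at the freed memory, so the caller's cleanup frees it again. */
static int buggy_decode_frame(decoder *d, const unsigned char *frame, size_t n) {
    if (n == 0) {
        tracked_free(d->buf);     /* BUG: dangling pointer left in the struct */
        return -1;
    }
    if (d->cap < n) {
        tracked_free(d->buf);
        d->buf = tracked_malloc(n);
        if (d->buf == NULL) { d->cap = 0; return -1; }
        d->cap = n;
    }
    memcpy(d->buf, frame, n);
    return 0;
}

/* Hardened shape: every free is paired with clearing the pointer (and its
 * capacity), so any later free of d->buf is a harmless free(NULL). */
static int fixed_decode_frame(decoder *d, const unsigned char *frame, size_t n) {
    if (n == 0) {
        tracked_free(d->buf);
        d->buf = NULL;            /* FIX: no dangling pointer survives the error path */
        d->cap = 0;
        return -1;
    }
    if (d->cap < n) {
        tracked_free(d->buf);
        d->buf = tracked_malloc(n);
        if (d->buf == NULL) { d->cap = 0; return -1; }
        d->cap = n;
    }
    memcpy(d->buf, frame, n);
    return 0;
}

/* Feeds a constructed sequence (one good frame, then one malformed frame) to
 * the given decoder, performs the caller-side cleanup, and returns how many
 * double frees the tracker caught during that sequence. */
static int run_sequence(int (*decode)(decoder *, const unsigned char *, size_t)) {
    static const unsigned char frame1[] = { 'G', 'I', 'F', '8', '9', 'a' }; /* constructed header bytes */
    decoder d = { NULL, 0 };
    int before = double_free_count;
    decode(&d, frame1, sizeof frame1);  /* good frame: allocates the buffer */
    decode(&d, frame1, 0);              /* malformed frame: takes the error path */
    tracked_free(d.buf);                /* caller's cleanup */
    d.buf = NULL;
    return double_free_count - before;
}

int main(void) {
    printf("buggy decoder: %d double free(s) caught\n", run_sequence(buggy_decode_frame));
    printf("fixed decoder: %d double free(s) caught\n", run_sequence(fixed_decode_frame));
    return 0;
}
```

Compiled with a sanitizer such as `-fsanitize=address`, the real allocator would report the buggy path as a double free at runtime; the tracking table above just makes that report visible without external tooling. The defensive pattern is the one in `fixed_decode_frame`: treat freeing and nulling the pointer as a single step, so error paths and normal cleanup cannot disagree about who owns the buffer.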
A researcher was able to create the GIF and trigger the vulnerability, which can apparently be activated in two ways. The first requires a malicious application to already exist on the user’s Android device; once a malicious GIF is created, it is used to steal files from WhatsApp by “collecting library data.” The second method requires that a user be exposed to the malicious GIF as an attachment or open the GIF file directly from Gallery View in the application.
Although these short videos are hilarious and heartwarming, we recommend updating your application before you click on a malicious GIF or have one sent to you. The most recent version, WhatsApp 2.19.244, has been patched.
–Emmy Seigler
Sources:
https://www.msn.com/en-us/news/technology/whatsapp-chats-hacked-with-a-malicious-gif/ar-AAIed2Q
https://heap-exploitation.dhavalkapil.com/attacks/double_free.html
Image Source:
https://www.canva.com/design/DADnLXH5euM/kXn_jJ9RUKcBa4PEa0bT_g/edit