  • WhatsApp attachment flaw could trick Windows users into downloading and installing malware


    Karlston


    If you are using WhatsApp for Windows, then you need to be cautious. Meta has warned that a security vulnerability could trick unwary users into downloading and installing malware. The vulnerability, a spoofing issue tracked as CVE-2025-30401, allows threat actors to disguise malicious code as harmless-looking attachment files.

     

    WhatsApp listing open on Microsoft Store in Windows 11

     

    Normally, if you receive an attachment, WhatsApp identifies it by its MIME (Multipurpose Internet Mail Extensions) type (for example, a file could be identified as an image, document, or video based on its actual content). However, when you manually open the attachment, WhatsApp uses the file's extension, like .jpg or .exe, to decide how to handle it.

     

    The issue arises if the attachment is crafted with a deliberate mismatch by a threat actor. For example, the MIME type might suggest it's an image (so WhatsApp shows it as an image), but the file extension might actually indicate it’s a program (like .exe).

     

    If the recipient manually opens the attachment, expecting to view a harmless image, the system might instead execute the hidden program. This could allow the attacker’s code to run on the victim's device without their knowledge, potentially causing harm like stealing data, installing malware, or hijacking the system.

     

    Meta, in its security advisory, explains (link1, link2):

     

    CVE-2025-30401

     

    Description: A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.

     

    Affected Version Information:

     

    • WhatsApp Desktop for Windows (Facebook)
      • Default Status: unaffected
      • affected from 0.0.0 before 2.2450.6

    Thus, users are advised to download and install version 2.2450.6 or newer of WhatsApp for Windows. You can get it from the WhatsApp official website or the Microsoft Store.

     

    Source
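
    The mismatch the advisory describes (display chosen by MIME type, opening handler chosen by filename extension) can be checked for on the receiving or scanning side. The following is an added example, not part of the original post and not Meta's fix; the allow-list, the set of runnable extensions, the verdict names and the sample records are all constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: illustrative allow-list of extensions acceptable per declared MIME type.
EXPECTED_EXTS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "video/mp4": {".mp4"},
    "application/pdf": {".pdf"},
}
# Assumption: illustrative, not exhaustive, set of extensions Windows runs when opened.
RUNNABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi",
                 ".ps1", ".vbs", ".js", ".hta", ".lnk"}


def effective_extension(filename: str) -> str:
    """Extension the OS handler lookup would see, lower-cased."""
    # Win32 path handling drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    name = PureWindowsPath(filename).name.rstrip(". ")
    return PureWindowsPath(name).suffix.lower()


def classify(declared_mime: str, filename: str) -> str:
    """Compare how an attachment is displayed (MIME) with how it would be opened (extension)."""
    mime = declared_mime.split(";", 1)[0].strip().lower()  # drop parameters such as charset
    expected = EXPECTED_EXTS.get(mime)
    if expected is None:
        return "unknown-type"        # fail closed: no policy for this declared type
    ext = effective_extension(filename)
    if ext in expected:
        return "consistent"
    # Shown as passive content, but the extension maps to a program or script handler.
    return "spoofed-executable" if ext in RUNNABLE_EXTS else "mismatch"


# Constructed sample metadata: (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.JPG"),
    ("image/jpeg", "holiday.jpg.exe"),
    ("image/png", "chart.png.scr. "),
    ("application/pdf", "invoice.png"),
]


def triage(samples):
    return [(name, classify(mime, name)) for mime, name in samples]


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES):
        print(f"{verdict:18} {name!r}")
```

    Only the last extension matters for the handler lookup, which is why `holiday.jpg.exe` is flagged even though it contains `.jpg`.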



