A vulnerability has been found on WeChat, one of China and the world’s largest instant messaging service, which would give attackers complete access over the mobile application. Through the vulnerability, attackers can remotely control a user’s Moment features, contact list, chat record, and even WeChat Wallet, a function connected with a user’s debit or credit cards.
The vulnerability, named BadKernel, was discovered(In Mandarin) by the Alpha Team of Chian’s Qihoo 360 Technology Co. Ltd.. According to the team, BadKernel operates like a computer worm, which is a standalone malware computer program that replicates itself in order to spread to other computers. If a WeChat user is affected by the vulnerability, he or she can spread the vulnerability just by posting content on WeChat Moment and sending links to any group chat on the application.
It also gives attackers access to users’ contact list, messaging records, and control over the application’s audio and video recording functions. Moreover, a user’s payment passwords can be exposed too.
Simply put, BadKernel is a flaw in the Google Chromium mobile browser framework that spreads as users click on malicious links. Users of older versions of Chromium-powered mobile browsers, as well as applications with embedded Webview, may be vulnerable.
WeChat’s monthly active users have reached 806 million, representing year-on-year growth of 34%. It further penetrated into communication scenarios at work, with over 20 million registered users of Enterprise Accounts on the platform, which facilitate internal office automation operations.
As always, having a good VPN can help a lot with adding more depth to your security.