Using virus to read all resemblances in WhatsApp
ᶦᶰᵈ᭄ ▪Abhi 𝕵ha°Let's start with this shit :)
⚠️ Disclaimer : This article is presented for informational purposes only and does not constitute a call to action. All information is aimed at protecting readers from illegal actions.
It all starts with a hacker creating a malicious html file with a preview image:
The WhatsApp web client stores the allowed document types in the W ["default"] client variable . DOC_MIMES This variable stores the valid Mime types used by the application.
Since the encrypted version of the document is being sent to WhatsApp servers, a new Mime type such as "text / html" can be added to this variable to bypass the client limitation and download a malicious HTML document
After adding the URL of the malicious document to the client variable, the client encrypts the contents of the file using the encryptE2Media function, and then uploads it encrypted as a BLOB to the WhatsApp server
Moreover, changing the name and extension of the document and creating a fake preview by changing client variables will make the malicious document more attractive to the victim.
This will be it's result :-
As soon as the victim clicks on the file, they will see a funny cat under the blob object, which is an html5 FileReader object under web.whatsapp.com. This means that a hacker can access resources in the browser under web.whatsapp.com
By simply viewing the page without clicking on anything, the victim's local storage data will be sent to the hacker, allowing him to take over his account.
The hacker creates a JavaScript function that will check every 2 seconds for new data in the backend and replace its local storage with the victim.
Part of hacker's code:-
The hacker will be redirected to the victim's account and will be able to access it.
You can modify this code by adding JavaScript code like this :-
A malicious HTML file that will cause the client's browser window to get stuck and allow the hacker to manage the account without interruption, although the hacker will be connected to the victim's account until the victim is logged into the account. Closing the browser will not log the hacker out of the account, and the hacker will be able to log into the user account for as long as he wants!
Works for web version.....!
⚠️ Disclaimer : This article is presented for informational purposes only and does not constitute a call to action. All information is aimed at protecting readers from illegal actions.
Just share and Support Us ❤️🥺
A post by Cyber Mate Official 👊🏻❤️