WhatsApp Crash Exploit Allegedly Sold on Dark Web for $30

Some experts in cybersecurity recently discovered the appearance of a ‘glowing’ ad on the dark web where hackers are selling a tool used to crash WhatsApp. Hackers advertise a ‘program’ that will send out a specific type of message/file to a victim’s device in order to force WhatsApp to crash.

The hacker who is selling this program claims that it will crash all running WhatsApp chats. The program is being sold for $30 in order to entice hackers to purchase it. According to the advertisement, in addition to being able to crash WhatsApp, the package might also have features that could potentially cause substantial disruption to many other digital services and applications.

Security experts caution that even without widespread reports, these claims deserve attention because they affect platforms used by billions globally.

Why WhatsApp is a Major Target for Attackers

WhatsApp is one of the largest messaging applications available today. Its parent company, Meta, claims there are over 2 billion active users of the app worldwide.

Due to its immense user base, WhatsApp has long been and continues to be very appealing to hackers. A very small defect in the code behind the application could affect tens of millions of users.

Messaging applications process messages, images, videos, voice messages, documents, and contact files all within milliseconds. If a bug exists in any of the ways those messages are processed by the application, attackers could potentially exploit it.

WhatsApp has suffered significant vulnerabilities in the past – for example, in 2019, they disclosed a vulnerability in their voice calling function that enabled attackers to deploy spyware onto targeted devices, but the developers ultimately fixed the issue.

In addition to these previous events, government agencies have reported the possibility and dangers of applications like WhatsApp having vulnerabilities. For example, CISA, the U.S. Cybersecurity and Infrastructure Security Agency, publishes notices regularly on the status of software vulnerabilities with strongly worded language, advising users to upgrade their version of online apps for greater security.

These examples reflect that though several applications, such as WhatsApp, are investing heavily in security, no software is completely immune to bugs and other evolving malicious threats.

How a Crash Exploit Could Work

A “crash exploit” usually targets how an app processes incoming data. The dark web seller claimed that the exploit software can cause some issues that ultimately crash the WhatsApp app on Android devices. Also, if an attacker sends a message that contains unexpected or malformed code, it may overwhelm the app and trigger freezing or a complete shutdown.

Prior incidents involving messaging platforms showed that certain specific crafted messages crashed the apps repeatedly. So, some users deleted and reinstalled the application to stop the continuous crashing loop. Though such attacks may appear as minor cases compared to spyware or data theft, they can still disrupt communication and create panic.

Security experts also warn about so-called “zero-click” vulnerabilities. These are flaws that do not require the user to open or click anything. Simply receiving a malicious message can trigger the exploit. Although there is no proof that the advertised tool will actually function as claimed, its existence has increased concern.

The market for such exploits is thriving, as evidenced by the zero-day exploit targeting OpenSea NFTs that recently appeared on the dark web with a $100,000 price tag, proving that vulnerabilities in popular platforms are treated as valuable commodities in the criminal underground.

Sellers on underground communities sometimes exaggerate their products and services in order to entice buyers, and until there’s an independent verification regarding the exploit, we cannot determine how much of an impact it would have.

What Users Should Do Now

Even without confirmed large-scale attacks, experts recommend simple safety steps:

• Make sure that you always update your software through your device’s official app store; updates usually provide corrections to any major security concerns and should also include updates for your operating system (both Android and iOS).
• Be aware of unknown callers and messages, and do not accept any unrequested information from unknown sources, nor execute any site (by clicking on), nor open any unrequested file within a text message.
• Use two-step verification in addition to your password for added security within WhatsApp.

Furthermore, Meta maintains a bug bounty program that compensates researchers who report vulnerabilities/delegate them back to the developer and do not sell them. This will help to reduce the level of exploitable information that is publicly available about the company.

Messaging applications will always be a core part of our daily communication. This incident serves as a reminder of how far digital security will continue to evolve as an industry – staying current and aware is still the best defense against evolving and constant Cyberspace threats.