London, UK – August 02, 2018: The buttons of Messenger, WhatsApp, Facebook, Snapchat and Netflix on the screen of an iPhone.
How was a situation where your phone suddenly called your EX on your Facebook Messenger App? That’s quite hilarious and you will be pumping in confusion and ask yourself. Who the heck called him/her? Well, that’s probably someone made the call from miles away. Yes, you probably have been hacked! Read this…
When I first read about this issue on ReasonSecurity.com I was quite indecisive and thought Messenger has desktop app? I didn’t know Facebook Messenger has an app for desktop users. Now I know. Well, anyway that’s our subject for today.
A ReasonSecurity researcher, Shai Alfasi, found bug on Facebook Messenger for desktop. This bug uses persistence method. The bug is already fixed with the latest version of the app. You just have to update your older version and you are good to go.
The bug found on the app which is available on Microsoft app store executes series of code that should not be executed. uh, Talk about bugs. This bug which can be found on the version of Messenger 460.16 which of course you can no longer use since Facebook already aware of the issue and has updated the app.
The bug results to a vulnerability and causes the app to kinda malfunction internally this gives a way to hackers to infiltrate a video call or executes resource within the Messenger code so they can run their malware. This vulnerability gives the attacker plenty of time to execute what they want to the victims Messenger app. Reasons Labs claimed they are the first to identify the bug.
The Persistence Method Bug
Persistence bug is a method in which attacker uses so he won’t lose the connection between him and the victim. He needs the time to perform and execute series of commands to the victims machine.
Researchers can easily discover this method because the only logic malware requires to be successful are the following:
- The attacker should be able to communicate to the victims machine.
- The attacker should be able to run his codes.
- The attacker should be untraceable by antiviruses.
Thought most antiviruses are able to automatically remove these threat since it can detect what is going on on your system files. It monitors your files behavior and are able to pinpoint a threat.
No reports of Threat
Internet users has dramatically increased on the past months since this COVID-19 pandemic started. Facebook alone reports 70% increase on the Facebook App usages globally. Before the discovery of the bug. There are 1.3 Billion of active users in Messenger but there are no reports from users of hacking. So we can quite sure that no one are able to take advantage of it yet. And wont be able to take advantage on it since it’s already fixed.
For more details about this bug you can to the ReasonsLab website and read the article their for complete details.