Symantec researchers have discovered that the highly popular messaging apps WhatsApp and Telegram are both vulnerable to what the researchers can “Media File Jacking,” which involves the manipulation of media files sent to users via these apps.
The attack is possible due to the way WhatsApp and Telegram store media files. Because the files are stored in external storage, which also can be modified by other applications, threat actors could use a rogue app installed on a victim’s device to swiftly modify files transferred via WhatsApp and Telegram before they are opened in the app and visible to the user. If the attack is performed on sensitive files like invoices, it could have serious consequences for the victims.
Read more: Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram