Hacking WhatsApp: How To Hack WhatsApp Through Phishing.

Learn how to hack WhatsApp with phishing techniques. Get step-by-step instructions and insights into how cybercriminals can exploit vulnerabilities.

How To Hack WhatsApp Through Phishing.

Introduction


Whatsapp is one of the top cross-platform messaging app, available for most of the devices like smartphones and tablets. It has changed the way of text messaging forever, handling over 60 billion messages per day according to recent estimates.

WhatsApp and Security


Since the time of launch, WhatsApp has been infamous for its security, where many vulnerabilities and bugs were reported. It was also noted that they employed weak encryption to handle messages. But those were in the past, now they have come up with advanced safety measures, like the recently announced 'End To End Encryption'. According to this new feature, very WhatsApp message will be encrypted, and only the sender and receiver will be able to read the content. Middle men like the governmet, spying agencies or even the owners of WhatsApp (Mark Zuckerberg, obviously) cannot read the messages sent. WhatsApp even has an option to verify if two connections are properly encrypted.

So Is WhatsApp Secure?


Answer is no. Nothing is 100% secure technically but considering the steps WhatsApp is taking to ensure privacy and security, one must say it is pretty much secure. However then comes the human part-scams, social engineering, Phishing Attacks etc which makes all the security measures ineffective. Few months ago, WhatsApp has introduced their much awaited web interface by which WhatsApp could be used in PC. this put an end to so much scams and spam campaigns, tricking users offering a PC version of WhatsApp.

Hack WhatsApp Through Phishing Attack


A new phishing attack vector has been developed,targetting the WhatsApp web users, which helps anyone to hack WhatsApp through phishing attack. WhatsApp web helps to replicate the mobile app in PC, in browser and it basically works like this. Open the webcliet in a browser, scan the QR code generated with the WhatsApp from phone/device. This syncs the mobile whatsap with PC, all the chats, groups, calls, and everything gets available. WhatsApp phishing script pretty much automates the process of impersonating someone in no time.

How WhatsApp Phishing Works


The WhatsApp Phishing program uses node.js and socket.io for the website and selenium, a tool for scripting browsers, to communicate with the Whatsapp web client. The program starts a http and a socket.io server. If a new client connects to socket.io, the application will make a request to a selenium instance to start a new browser and connect to web.whatsapp.com.

This program will do the following.
  • Extract the QR code from the WhatsApp Web and post to attacker controlled phishing site.
  • Lure the visitors to scan the QR code from WhatsApp on their phone, offering something attractive in return.
  • After the scanning & authentication is done, the attackers get complete access to the user’s WhatsApp. 
  • This gives the attackers full control of the WhatsApp data, which includes chat records, groups, contact lists, send message as the user to anyone and virtually anything that the real WhatsApp user can do. 

Installing and setting up WhatsApp Phisher.


WhatsApp Phishing program requires Selenium Standalone server and Firefox browser. Make sure both are installed first.

For the complete procedure goto the github page of the auther here.

Below is a live demo of the attack.


Conclusion:


Users sould be aware that encryption alone is not going to ensure security of WhatsApp. It is the scam & phishing campaigns like this the users should worry about more. Poor encryption may leave the messages open to be read by third party but attacks like this gives full control of someone's WhatsApp account to hackers. This is more serious and an attacker can do maximum damage by these simple social engineering tricks. WhatsApp should come up with advanced protection against these types of phishing scams also.

Source: http://blog.mawalabs.de/whatsapp-phishing/

COMMENTS

BLOGGER: 4
  1. Great article dude. Thanks for sharing. It shows how unsafe we are these days online.

    ReplyDelete
  2. How to get the account back once it is hacked ?? Please help

    ReplyDelete
  3. Not anymore, now every few seconds the QR changes

    ReplyDelete

Name

Ad Network,3,adb,1,adblocker,1,Adblocker alternative,1,Adobe Flash Zero Day,1,Adware,1,Android,2,Android Reverse Engineering,1,Android vulnerability,3,Anonymous,1,Anonymous Browsing,2,Apple Hacking,2,Arp Poisoning,1,authentication bypass,1,Automated Tank Guage,1,Automatic Footprinting tool,1,backdoor credentials,1,BadWinmail,1,Banking trojan,1,bcmon,1,Best Adblocker,1,Best free cloud storage,1,Best Password Manager,1,Best TOR Alternative,1,Best VPN Provider,1,best VPN Rating,1,Bettercap,1,Bettercap tutorial,1,BitTorrent,1,BitTorrent Protocols,1,Browse safely,1,Car Hacking,1,Carbanak,1,ChatGPT,1,CIA,1,Circuit Fingerprinting.,2,cleartext cloud API,1,CloudFlare,2,Cobalt Strike,1,Covert Pentesting,1,Cracking Encryption,1,Cracking HTTPS,1,crapware,1,Credential Stealing,1,Credentials Sniffing,1,CreeHack,1,CryptDB,1,cryptography,2,cSploit,1,CSRF,1,custom recovery,1,Cydia,1,cygwin,1,Cypher System,1,Data Breach,1,Data Exfiltration,1,DDoS,2,DDoS Attack,3,Decrypting Tor traffic,1,Deep Web,1,DEF CON 23,2,disk encryption,1,DLL Injection Attacks,1,Dnstool,1,download torrents directly,2,DrDoS,1,DriveDroid,1,DuckHunter HID,1,Elevation Of Privilege,1,encryption,2,Ettercap,1,Exitmap,1,Exploitation,2,Fanny Worm,1,Financial APT,1,Flash Alternative,1,Forgot Windows Password.,1,fraud,1,Free Cloud Storage,1,Free LastPass Premium,1,Free Uptobox Premium Account,1,Free VPN,1,Free Zbigz Premium Account,2,Freedom App,1,GasPot,1,GenAI,1,GitHub,1,Giveaways,4,Hack Android,3,Hack Android Games,2,Hack Android In-App Purchase Non Root,1,Hack Cave,18,Hack Clash Of Clans,1,Hack Email,1,Hack Outlook,1,Hack Subway Surfer,1,Hack WiFi Android Without bcmon,1,Hack Windows 10,1,hacking android,6,hacking android pattern lock,1,Hacking Android PIN,1,Hacking Android Through Sound Waves,1,Hacking Cloudflare,1,Hacking CryptDB,1,Hacking electronics,1,Hacking embedded systems,1,Hacking Fridge,1,Hacking Gmail,1,Hacking IoT,1,Hacking KeePass,1,Hacking News,3,Hacking PayPal,1,Hacking Refrigerator,1,Hacking Team,1,Hacking tools,3,Hacking Tricks Android,5,Hacking WiFi With Android,3,Hacking Windows,4,Hacking Windows Password,1,HardSploit,1,HID Attack,1,Homomorphic Encryption,1,Honeypot,1,HORNET,3,How to hack baby monitors,1,How to hack gmail?,1,How to hack IoTs,1,How to hack MAC OS X,1,How To Hack WhatsApp,1,how to install kali nethunter on any android device,1,How Tor Works,1,HTML5,1,ICS,1,Immobilizer,1,Increase Download Speed,1,Information Gathering,1,Install NetHunter,1,Install NetHunter for any Device,1,Internet Of Things,1,Internet Privacy,2,Introduction To Penetration Testing,1,iOS 9,2,iOS hacked,1,IoT,3,IoT Security Audit Tool,1,Jailbreaking,1,Kali Linux,2,kali linux nethunter for android,1,Kali NetHunter,4,Kali NetHunter Nexus 5x,1,Kali NetHunter Sony,1,kali nethunter windows installer,1,KeeFarce,1,Kemoge,1,LastPass Premium Giveaway,1,LastPass Premium Subscription 2016,1,lenavo,1,LinkedIn,1,Lizard Squad,1,Lizard Stressor,1,LLama3,1,LSE,1,Mabouia,1,Mac OS X Hacking,1,Malicious JavaScript,1,Malware,4,Man In The Middle Attack,4,MANA Wireless Toolkit,1,Megamos Crypto Transponder,1,MITM,5,Mount Manager Bug,1,Mozilla Firefox,1,MSOffice,1,Netflix,2,Netflix Stethoscope tool,1,NetHunter Devices,1,nethunter install guide,1,NetHunter Nexus 5x,1,NetHunter Tutorial Nexus 5x,1,nethunter tutorial pdf,1,Nord VPN,1,nsISpeculativeConnect,1,NTP Vulnerability,1,Offensive Security,1,Office Exploit,1,OLE,1,Onion Encryption,1,Onion Routing,1,OpenSource,2,Outlook Exploit,1,Overt,1,Penetration Testing,1,Penetration Testing Tutorial,1,Penetration Testing With KaliLinux,1,Penetration Testing With Metasploit,1,Pentest Report,1,Phases Of PenTesting,1,Phishing,1,PINlogger,1,Post Exploitation,1,PowerMemory,1,PowerShell,1,pre-fetch,1,Prevent In-App purchase hacks,1,Privacy,1,Private VPN,1,privilege escalation,2,Python,1,Quantum Cryptographic Communication,1,quantum physics,1,ransomware,2,read forbes with adblock,1,read toi with adblock,1,Reaver,1,Reflected File Download Vulnerability,1,Reflective,1,Reflective DDoS Attack,1,Remote Code Execution,2,Remote exploit,2,remove ads toi,1,RfA,1,RFD,1,RFID,1,RIFFLE Tor Alternative,1,RIPv1 Protocol,1,Root Nexus 5x,1,Rooting,2,Rootkit,1,Router Keygen,1,SCADA,1,SEA,1,Searchsploit,1,Security News,40,Security Tools,5,Selfhosted,2,Shodan,1,SilverPush,1,Sleepy Puppy,1,Smartphone Sensor hack,1,Smartphones,4,Smartphones hacking,1,soft and hard brick,1,speculative connect API,1,SpiderFoot,1,Sponsored,1,StageFright,2,StageFright 2.0,1,stethoscope tool implimentation,1,Stored XSS,2,StuxNet,1,Superfish,1,surveillance,1,Task hijacking Attack,1,TCP injection.,1,The Basics Of Penetration Testing,1,The Hacking Team,1,Threat Modeling,1,Tor,3,TOR Alternative,4,Tor Exit Relay,1,Tor Guard,1,Tor Hacked,3,torrent to direct converter,2,torrent to IDM,1,tow factor authentication,1,Trend Micro,1,Tutorial,11,TWRP,1,TWRP Nexus 5x,1,Types Of Pentest,1,Types Of XSS Vulnerability,1,uBlock,1,Unlock Bootloader guide,1,Unlock Bootloader Nexus 5x,1,unlock pattern lock android,2,User Focused security,1,VPN Reviews,1,Vulnerability,3,Vulnerability Analysis,1,Vulnerability scanners,1,What is Kali NetHunter,1,WhatsApp Encryption,1,WhatsApp Hacking,1,Whatsapp phishing,1,WhatsApp Vulnerability.,1,WikiLeaks,1,Windows Backdoor,1,Windows Debuggers,1,XcodeGhost,1,Xss,3,XSS Scanner,1,XTEA,1,Zbigz cookie generator,1,Zbigz premium account no survey,1,Zimperium,1,
ltr
item
Hack Cave | Hacks unveiled: Hacking WhatsApp: How To Hack WhatsApp Through Phishing.
Hacking WhatsApp: How To Hack WhatsApp Through Phishing.
Learn how to hack WhatsApp with phishing techniques. Get step-by-step instructions and insights into how cybercriminals can exploit vulnerabilities.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNSlPV-hcj3S-Fb7yj5EcXQDvgDI58Gzm-TfkMIWz9YcCVsnYJgOIQg7fJJ9iHhKSMbG8XoR5rdcztUwqCg-qXa0-mlVhtrU5Eyn3UQjI9JKR0vnfJUsGv1dRm6UxAlOs6qUPE7DS9H9GN/w640-h354/whatsapp.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNSlPV-hcj3S-Fb7yj5EcXQDvgDI58Gzm-TfkMIWz9YcCVsnYJgOIQg7fJJ9iHhKSMbG8XoR5rdcztUwqCg-qXa0-mlVhtrU5Eyn3UQjI9JKR0vnfJUsGv1dRm6UxAlOs6qUPE7DS9H9GN/s72-w640-c-h354/whatsapp.jpg
Hack Cave | Hacks unveiled
http://www.hackcave.net/2016/04/hacking-whatsapp-how-to-hack-whatsapp-by-phishing.html
http://www.hackcave.net/
http://www.hackcave.net/
http://www.hackcave.net/2016/04/hacking-whatsapp-how-to-hack-whatsapp-by-phishing.html
true
398744729202641828
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content