CyberSecurityBoard
Sponsor Register Login

131 Malicious Extensions Targeting WhatsApp Users Discovered

A recent cybersecurity investigation has uncovered 131 malicious browser extensions specifically targeting WhatsApp users. These extensions, disguised as useful tools, actually serve as conduits for data theft, unauthorized access, and spreading malware. The threat actors behind these extensions exploit the popularity of WhatsApp to trick users into installing harmful software that can intercept messages, steal credentials, and compromise personal information. The malicious extensions have been found across various browsers, including Chrome and Firefox, highlighting the widespread nature of this threat. Users are advised to be vigilant when installing browser extensions, especially those claiming to enhance WhatsApp functionality. Cybersecurity experts recommend verifying the authenticity of extensions through official stores and regularly updating security software to mitigate risks. This incident underscores the importance of digital hygiene and awareness in protecting personal data against increasingly sophisticated cyber threats targeting popular communication platforms like WhatsApp. The discovery of these 131 malicious extensions serves as a critical reminder for users and organizations to prioritize cybersecurity measures and remain cautious of seemingly beneficial tools that may harbor hidden dangers.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 21 Oct 2025 11:25:10 +0000


Cyber News related to 131 Malicious Extensions Targeting WhatsApp Users Discovered

131 Malicious Extensions Targeting WhatsApp Users Discovered - A recent cybersecurity investigation has uncovered 131 malicious browser extensions specifically targeting WhatsApp users. These extensions, disguised as useful tools, actually serve as conduits for data theft, unauthorized access, and spreading ...
2 months ago Cybersecuritynews.com
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users - Meta filed the lawsuit against NSO Group on October 29, 2019, in the U.S. District Court for the Northern District of California, alleging that NSO had exploited a vulnerability in WhatsApp's calling feature to deliver its Pegasus spyware to ...
7 months ago Bleepingcomputer.com CVE-2019-3568
WhatsApp's new Advanced Chat Privacy protects sensitive messages - "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp ...
8 months ago Bleepingcomputer.com
WhatsApp Hit with €55 Million Fine for Privacy Violations - WhatsApp is facing an €55 million privacy-related fine from the European Union’s data protection authority for allegedly violating the region's data protection laws. ...
2 years ago Thehackernews.com
WhatsApp's Meta AI is now rolling out in Europe, and it can't be turned off - The chatbot built into WhatsApp is not as powerful as Meta AI's web app, but it can answer your questions, reply with a large chunk of text, share links from Bing, and even create images. On March 19, WhatsApp owner Meta announced that a variety ...
8 months ago Bleepingcomputer.com
WhatsApp flaw can let attackers run malicious code on Windows PCs - On January 31, after mitigating the security issue server-side, WhatsApp alerted roughly 90 Android users from over two dozen countries, including Italian journalists and activists who were targeted in Paragon spyware attacks using the zero-click ...
8 months ago Bleepingcomputer.com CVE-2025-30401
Fake VPN Chrome extensions force-installed 1.5 million times - Three malicious Chrome extensions posing as VPN infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. According to ReasonLabs, which discovered the malicious extensions, they are spread via ...
2 years ago Bleepingcomputer.com
Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
2 years ago Thehackernews.com
WhatsApp's new Secret Code feature hides your locked chats - WhatsApp has introduced a new Secret Code feature that allows users to hide their locked chats by setting a custom password. After it reaches your device, you can set a code specifically for securing locked chats independent from the device unlock ...
2 years ago Bleepingcomputer.com
Over 6 Million Chrome Extensions Can Execute Remote Commands on Users’ Browsers - A major security incident has come to light involving more than six million installations of Chrome browser extensions that secretly execute remote commands, track user activity, and potentially expose sensitive information. John Tuckner of secure ...
8 months ago Cybersecuritynews.com
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
1 year ago Cysecurity.news
WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments - “A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” stated the official advisory from Facebook, ...
8 months ago Cybersecuritynews.com CVE-2025-30401
Water Saci Hackers Leverage WhatsApp to Target Victims - The Water Saci hacking group has been observed exploiting WhatsApp as a vector to target victims, marking a significant evolution in their attack strategies. This group, known for its sophisticated cyber espionage campaigns, utilizes WhatsApp to ...
1 month ago Cybersecuritynews.com Water Saci
WhatsApp Fined €5.5 Million for Enforcing Data Processing Update - Heimdal Security recently reported that WhatsApp, the world’s most popular messaging service, has been fined €5.5 million by the Italian Data Protection Authority (GPDR) for violating user privacy. According to the report, the WhatsApp ...
2 years ago Heimdalsecurity.com
Jury orders NSO Group to pay $168 million to WhatsApp for facilitating Pegasus hacks of its users | The Record from Recorded Future News - NSO’s case was severely hampered by its inability to offer the court any details of its clients' aims in the attacks, prompting Northern California federal judge Phyllis Hamilton to bar the spyware firm from presenting any evidence related to ...
7 months ago Therecord.media
WhatsApp Secret Code Feature Lets Users Set Unique Passwords - WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret Code feature provides additional protection to ensure users' private conversations remain secure and protected from unauthorized access. WhatsApp has ...
2 years ago Cybersecuritynews.com
US Jury Orders NSO Group to Pay $168 Million to WhatsApp - Meta hailed the verdict as a milestone for digital privacy and security, stating, “Today’s verdict in the WhatsApp case marks a significant advancement for privacy and security, representing the first triumph against the creation and utilization ...
7 months ago Cybersecuritynews.com
Developers Beware of Malicious VS Code Extension Apps With Million of Installations - Cybersecurity researchers have uncovered a disturbing campaign targeting software developers through malicious Visual Studio Code extensions that have collectively amassed millions of installations. These compromised extensions, masquerading as ...
8 months ago Cybersecuritynews.com
The zero-day that could've compromised every Cursor and Windsurf user - In a recent post Yomtom explains that while examining the build process behind OpenVSX, the open-source marketplace powering extensions for tools like Cursor, Windsurf, VSCodium, and others, he discovered a critical flaw. Dubbed VSXPloit: A single ...
5 months ago Bleepingcomputer.com
WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps - Despite WhatsApp working on its interoperability plan for more than a year, it will still take some time for third-party chats to hit people's apps. Messaging companies that want to interoperate with WhatsApp or Messenger will need to sign an ...
1 year ago Wired.com
Malicious Chrome VPN Extensions Installed 1.5M Times Browsers - In a recent cybersecurity revelation, a highly sophisticated cyber attack campaign has emerged, weaving a web of deceit through malicious web extensions cunningly disguised as VPNs. ReasonLabs, a cybersecurity firm, has discovered online piracy ...
1 year ago Cybersecuritynews.com
Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
9 months ago Cybersecuritynews.com
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, most of the malicious functionality ...
5 months ago Bleepingcomputer.com
Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, the malicious functionality is ...
5 months ago Bleepingcomputer.com
131 Chrome Extensions Caught Hijacking Web Traffic to Inject Ads, Steal Data - A recent cybersecurity investigation uncovered 131 malicious Chrome extensions involved in hijacking web traffic to inject unauthorized ads and steal sensitive user data. These extensions, downloaded by millions, exploited browser permissions to ...
2 months ago Thehackernews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)