WhatsApp has become a hotbed of controversies. First, it was used for snooping on Indian journalists and human rights activists, and now a report has said that the Facebook-owned instant messaging app is being used to steal data. Online portal gbhackers has claimed that the app has a vulnerability that can allow hackers to deploy the malware via ‘specially crafted’ MP4 file on a user’s device to steal sensitive files from the device and use the phone for surveillance purpose.

‘New Critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack,’ the platform said in a post. WhatsApp is aware of the vulnerability and has published the details of the versions that have been affected by the threat. The vulnerability affects the following versions:

This Remote Code Evaluation (RCE) vulnerability allows hackers to perform the attack remotely without any authentication. This is the second such threat in two months. Last month, a similar kind of vulnerability allowed remote hackers to steal the files in Android devices using malformed GIF images.

Two weeks ago, WhatsApp confirmed that Pegasus spyware was used to snoop on about 1,400 Indian journalists and human rights activists. The spyware in question has been developed by the Israeli company NSO Group that ties up with governments and use the technology to fight terrorism and crime. According to WhatsApp, the phones of the mentioned people were under surveillance for two weeks in May 2019 during which the Indian General Elections took place.