It all starts with the hacker creating a malicious HTML file with a preview image:
After adding a malicious document URL to a client variable, the client encrypts the content of the file using the encryptE2Media function, and then uploads it encrypted as a BLOB to the WhatsApp server.
This is the result:
Part of the hacker’s code:
The WhatsApp website does not allow a client to have more than one active session at a time, so after the hacker steals the victim’s account, the victim will receive the following message:
The malicious HTML file causes the client’s browser window to get stuck, which allows the hacker to manage the account without interference; the hacker stays connected to the victim’s account until the victim logs on to the account. Closing the browser will not cause the hacker to log out of the account, and the hacker will be able to log into the user’s account for as long as he wants!
Works for the browser version.
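The flow above depends on the client encrypting and uploading whatever content it is handed, so an HTML file can travel as a document with an image preview. The following is an added example, not code from WhatsApp or from the original write-up: a pre-upload check, run before the encryption step, that compares the declared type with the file's leading bytes. The names `checkBeforeUpload`, `ALLOWED` and `HTML_MARKERS` and the allow-list itself are assumptions made for illustration.

```javascript
// Added example: hypothetical pre-upload check, not WhatsApp's code.
// Allow-list of types the client agrees to encrypt and upload,
// each with the magic bytes its content must start with.
const ALLOWED = {
  'image/png': [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  'image/jpeg': [0xff, 0xd8, 0xff],
  'application/pdf': [0x25, 0x50, 0x44, 0x46, 0x2d], // "%PDF-"
};

// Tags that make a browser treat the content as active HTML.
const HTML_MARKERS = /<\s*(!doctype|html|head|body|script|iframe|svg)\b/i;

function startsWith(bytes, magic) {
  return bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b);
}

// Returns { ok, reason } for a file the client is about to upload.
// declaredType: MIME type claimed for the file; bytes: its raw content.
function checkBeforeUpload(declaredType, bytes) {
  const magic = ALLOWED[String(declaredType).toLowerCase().trim()];
  if (!magic) return { ok: false, reason: 'type-not-allowed' };
  if (!startsWith(bytes, magic)) {
    // Distinguish HTML posing as an allowed type from other mismatches,
    // so the event can be logged and alerted on separately.
    const head = String.fromCharCode(...Array.from(bytes).slice(0, 512));
    const reason = HTML_MARKERS.test(head) ? 'html-content' : 'magic-mismatch';
    return { ok: false, reason };
  }
  return { ok: true, reason: 'ok' };
}

// Constructed sample inputs (not captured from a real session).
const toBytes = (s) => Array.from(s, (c) => c.charCodeAt(0));
const SAMPLE_PNG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13];
const SAMPLE_HTML = toBytes('<!DOCTYPE html><html><body>preview</body></html>');

function runSamples() {
  return {
    realPng: checkBeforeUpload('image/png', SAMPLE_PNG),
    htmlAsPng: checkBeforeUpload('image/png', SAMPLE_HTML),
    htmlDeclared: checkBeforeUpload('text/html', SAMPLE_HTML),
    pngAsJpeg: checkBeforeUpload('image/jpeg', SAMPLE_PNG),
  };
}
```

A leading-bytes check is one layer only: a file that begins with valid magic bytes and carries markup later still passes it, so the receiving side should also serve stored media with `X-Content-Type-Options: nosniff` and as an attachment rather than rendering it in the application's origin.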