So, recently i got some trouble while using WhatsApp WEB that result in some paranoid action triggering.
Not very fun. But let’s start from the begin
The Problem
While working at bar, as always, i was connected at a public WiFi. Around there was no one else with a laptop or (strangely) with a phone in hand.
Then my whatsapp web started going “crazy” closing itself saying “Another Session is Active”. I immediately checked if i had other tab/windows open with whatsapp on and nothing. It was the only tab open (regarding whatsapp).
Then i take my phone and i go in whatsapp settings to check which external devices are connected to my account: only my laptop.
Then my mind start spiraling.
Checks i’ve done
Even tho i looked around and there where no potential “treat actor” i started a scan of the network and if any kind of attack was in progress: negative result. All clean.
Then i thought: a virus ? So i downloaded Avast. Negative result here too. So i thought: “maybe is something new”.
So i installed Red Canary and started a malware triage + manual inspection of all the fuckin processes. NEGATIVE.
Then i gave up and few days after it happened again not only at this public wifi but also at office wifi and home wifi.
So i can exclude someone messing phisically with the network.
I started looking online to see if someone else had my same problem and as always (according to my luck) nothing came out. In the meantime with certain frequency, no matter where I was connected, WhatsApp web kept closing because of another active session.
The usual suspects
When coming to analyze a session issue on a closed source software is a huge headache. I’m not the emperor of nerds/hacker nor a all knowing god. And pretty often I’m in error (but boy when I get it right I make a party !).
So my suspects, at this point, are:
- A new malware in town
- Some 0-day
- How the new chrome version handle the save ram functionality with inactive tab
But not having ulterior informations I was stuck between the famously known statement “is it me or them?”
So, the reason of this post title, begin
WhatsApp Support
Oh boy I hade “fun”. Even tho I explained in every detail what happened, what I’ve done, what I think it is and asked how can I help them more in identify this issue all that I hade was a bunch of template replies. At first I thought “ok, it’s an automatic system” (and still hope so). But after a while I was not so sure anymore.
To make it brief (this post is already big as it is) even tho they used template reply and I replied to them to each one saying “no, this didn’t happen” or “no, this can’t be applied to this matter” I kept receiving default template replies. A bit different this time. So I lost my temper and wrote “oh boy, fuckin automated system and template replies. No you didn’t reply to me at all” (forgot to mention. Each reply I received where about totally other stuff). Then conversation ended with a message from WhatsApp asking to rate their assistance service. Useless to say that I replied “are you kidding me, right ?” and gave all bad review on the survey.
Actual Status
Problem is still there and for not let my paranoid side win I decided that the problem is how chrome handle the unused tabs.
As always, any comment/idea is always appreciated.
Stay safe !