A vCard is an electronic contact card that you can send to another person. For example, if somebody wanted the number of someone in your phone's contact book, you could send the vCard over and the other person would have all the details. The vCard sent by the hackers contained a malicious code that would distribute bots, ransomware and remote access tools (RATs) on a person's phone or PC.
Bots can slow down a person's system, ransomware makes people pay money to regain access to their own data, while RATs allows hackers to remotely access a device.
Checkpoint said that the WhatsApp web vulnerability was easily exploited and "no hacking tools" were necessary.
The vulnerability was first disclosed to WhatsApp on August 21 and fixed by August 27. The public disclosure was made on Tuesday.
"Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client," Oded Vanunu, security research group manager at Check Point, wrote in a blog post.
WhatsApp recently announced it had reached 900 million active users with around 200 million estimated to be using the web-based version.