Security researchers found some security issues in WeChat, a popular
instant messaging application developed by the Chinese company Tencet.
By exploiting these vulnerabilities, any other application installed on
the user's phone can force WeChat to send the user's password hash (in plain MD5 format) to an external web server,
controlled by the attacker. Android versions of WeChat up to 4.5.1 are
confirmed to be vulnerable, but similar issues could interest also other
versions of the application. According to recent statistics, WeChat
should have about 300 million registered users.
