Millions of WhatsApp users could have been exposed to malware due to a security flaw in their system.
Anyone who uses the web app (which is also available on Android and iPhone) could have had their devices left vulnerable to hackers, due to a bug.
The security flaw means that information of up to 200 million users could be accessed using just a phone number and a simple message, according to researchers at Check Point.
All hackers would need to do is send what appears to be an innocent contacts file and, if opened, it would allow them to run a malware code that takes over the system. This, in theory, could then be used to spy on activity, take personal data or spread viruses.
Check Point explains:
The vulnerability lies in improper filtering of contact cards, sent utilising the popular 'vCard' format. The message (contact card) appears legitimate, like any other contact card; most users would click it immediately without giving it a second thought. The implication of this innocent action is downloading a file which can run arbitrary code on the victim's machine.
This simple trick opened up a vast world of opportunity for cybercriminals and scammers, in effect allowing easy "WhatsApp Phishing." Massive exploitation of this vulnerability could have affected millions of users, failing to realize the malicious nature of the attachment.
The best way to defend against it is to make sure you are running the latest version of WhatsApp across all your devices, as the company have released a new feature that blocks the flaw since hearing about the possible threat.
This article originally appeared on Cosmopolitan.co.uk. Minor edits have been made by the Cosmo.ph editors.