Cybersecurity platforms have issued an urgent warning after the discovery of a serious security flaw in WhatsApp that could allow hackers to access devices and steal personal data without users’ knowledge.
Google’s Project Zero team uncovered the vulnerability, which is exploited by cybercriminals through fake group invitations. Once a user accepts an invite, malicious files are automatically downloaded onto the device without any visible warning. These files are disguised as normal media, such as images, using spoofing techniques.
The malware enables what experts describe as “arbitrary code execution,” granting attackers full control of the device. This can allow them to steal passwords, disable security systems, install backdoors, and remotely control the device.
Cybersecurity firm Malwarebytes has advised users to immediately disable WhatsApp’s automatic media download feature as the most effective preventive measure. Although WhatsApp has confirmed it has released a technical fix to address the flaw, the number of devices affected prior to the patch remains unknown.
