WhatsApp fans are being warned after security experts discovered a shock new threat affecting the chat app.
WhatsApp is the most popular chat app in the world, with over 1.5billion people using the Facebook-owned app every month.
The huge WhatsApp userbase in the past has been targeted by cybercriminals, with scams such as fake vouchers often seen circulated on the chat app.
While earlier this year a major breach saw hackers remotely install surveillance software on devices via a vulnerability with WhatsApp.
And now WhatsApp fans are once again being put on alert, this time about a groundbreaking security threat.
WhatsApp prides itself on its end-to-end encryption which ensures messages stay private between you and the person you’re sending it to.
The Facebook-owned firm proudly says on its website that “nobody in between, not even WhatsApp” can read what is sent.
But it’s now been claimed that a shock new bug can give hackers powers to access encrypted messages on WhatsApp.
The security threat was discovered by Google’s Project Zero team, who said the bug affects iOS devices.
They explained that the bug occurs when iOS users simply visit a compromised website.
This can lead to the victim’s device being silently hacked as attackers access victims’ photos, texts and location.
But the Google security expert said the bug can also let hackers access encrypted messages on WhatsApp, Forbes reported in a post online.
Google researcher Ian Beer said the bug lets hackers access all the database files on a victim’s phone that is used by end-to-end encrypted apps.
Beer wrote: “Not only is the end-point of the end-to-end encryption offered by messaging apps compromised; the attackers then send all the contents of the end-to-end encrypted messages in plain text over the network to their server.”
Google said it was “only a small collection” of websites that had the capabilities to carry out this hacking campaign.
They also said these sites were estimated to have received thousands of visitors each week over the course of at least two years.
However, it’s important to note that it’s not clear how many of these visitors were iOS users.
Nor is it clear whether everyone that visited these compromised websites were themselves hacked or not.
Earlier this year Apple patched this flaw after Google notified them of it, taking just six days to create a fix.
Apple iPhone users should upgrade to the latest version of iOS as soon as they can to ensure their device is safe.
And, as always, it’s good practice to not open any suspicious e-mails from unknown senders which may contain links to malware-filled websites.
• Stay tuned to Express.co.uk for more WhatsApp news