WhatsApp users are advised to take precautionary measures following the discovery of a security flaw that could grant hackers access to personal data through direct file transfers. The vulnerability, identified by Google’s Project Zero team, originates from the app’s automatic download feature, which instantly saves media files onto devices.
Reports suggest that cybercriminals have been creating fake group chats to lure unsuspecting users into downloading infected files without their knowledge. While the extent of the impact remains unclear, this poses a significant threat to the app’s vast user base.
In response to the bug, WhatsApp has released a patch to mitigate further infections. However, the incident underscores the risks associated with automatic downloads on devices. To enhance security, users are advised to update their WhatsApp to the latest version and adjust settings accordingly.
A recommended step, as suggested by cybersecurity experts at Malwarebytes, is to disable Automatic Downloads or activate WhatsApp’s Advanced Privacy Mode in the settings. By doing so, media files will not be automatically downloaded to the phone in the future.
To modify download settings, users can access the three-dot menu in the top-right corner of WhatsApp on Android devices and navigate to Settings > Storage and data > Media auto-download. Here, they can deselect all media types under mobile data, Wi-Fi, and roaming settings.
Furthermore, it is advisable to restrict group invitations to trusted contacts to reduce the risk of falling victim to similar attacks. Users can manage this by adjusting privacy settings in WhatsApp to limit group additions to known contacts or approved administrators.
For users leveraging WhatsApp for professional purposes, maintaining strict control over group memberships by allowing only verified contacts and authorized administrators is recommended to bolster security measures.