Researchers at security software company Check Point claim to have uncovered what they describe as a "severe" vulnerability in WhatsApp enabling hackers to hijack accounts using images booby-trapped with malware.
The vulnerability affects WhatsApp Web, along with Telegram's similar web-based service, and stems from a problem with the way that the two message apps process some types of files without verifying that they do not contain malicious code.
Because of this, attackers are able to send malicious code disguised as an innocent-looking image, allowing them to gain access to a WhatsApp or Telegram users' local storage and take control of their account.
"The WhatsApp upload file mechanism supports several document types such as Office Documents, PDF, Audio files, Video and images," claims Check Point. "Each of the supported types can be uploaded and sent to WhatsApp clients as an attachment.
"However, Check Point's research team has managed to bypass the mechanism's restrictions by uploading a malicious HTML document with a legitimate preview of an image in order to fool a victim to click on the document in order to take over his account."
This gives, if exploited, hackers could potentially gain access to a user' messages, shared files, contacts list and more.
Check Point warns: "This means that attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom, and even take over your friends' accounts.
The security firm notified WhatsApp and Telegram of the flaw on 7 March, and both companies have fixed the issue.
Check Point said that there is no evidence that the flaw was used by hackers but noted Check Point says it had been present on the platforms for a significant time period and put "hundreds of millions" of accounts at risk.
Still, Check Point advises that users avoid opening suspicious files and links from unknown users, obvs, and periodically clean logged-in computers from WhatsApp and Telegram accounts.
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere