Android users have been placed on red alert after the discovery of a new threat that is fully capable of hacking phones and pinching private WhatsApp messages. The worrying attack, which was discovered by the security team at ESET, allows hackers to install a trojan called GravityRAT onto Android phones.
Once downloaded, cyber crooks can then set about stealing data including chats stored in WhatsApp backups. This is concerning as backups is where full chat history is stored meaning online crooks could read every message ever sent via the service.
Not only that but files can also be deleted remotely without the phone owner giving permission or realising that data has been removed.
Explaining more, ESET researcher Lukas Stefanko said: "Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files."
The scary threat targets Android phones via two apps called BingeChat and Chatico. These platforms aren't available on the Play Store with users tricked into downloading them via websites advertising free messaging services instead.
ESET has confirmed that Chatico is no longer active but BingeChat is still available and should not be downloaded at any cost. Anyone who thinks they may have installed the applications would also be wise to delete them as soon as possible.
According to Stefanko, it seems the attack is targeted at specific users and it's not currently being used to steal data from the billions who use WhatsApp every day.
However, it's a reminder to check what you are installing on your phone and only download apps that have come from reputable sources such as the Play Store.
It's also a good idea to check the reviews and make sure the developer who has created the app has a solid reputation.