Hackers have made a backdoor available on the WhatsApp app that lets them eavesdrop on users’ calls, emails and chats, according to a report in the New York Times.
The backdoor, dubbed ‘Exploit-Bots’, is so widely used that it has been dubbed a “weapon” by security experts.
It lets attackers remotely gain access to WhatsApp accounts via a vulnerability in a WhatsApp web service, a vulnerability that has been publicly disclosed in a security advisory published on Wednesday.
The vulnerabilities in the WhatsApp service allow attackers to “see the contents of WhatsApp messages and texts, track and analyze conversations, and install custom malware,” according to the New Zealand-based security company Sophos.
The company said the vulnerability was present in versions of the WhatsApp Web service as early as May.
Sophos says it has seen an average of 30,000 malicious attacks a day against WhatsApp, an online messaging service that’s used by about 1.2 billion people worldwide.
WhatsApp says it is working to fix the flaws.
“This is a security issue that affects WhatsApp Web and other products, and we are actively investigating and will update this page once the fix is available,” the company said in a statement.
WhatsApp’s main competitor, Microsoft, has not publicly announced a fix.
It released a patch in January, but it was later pulled from the market.
The security firm Symantec said it has confirmed the vulnerability in versions 4.5 and 4.6 of WhatsApp Web Service, and Symantech said it was aware of an attack on March 6 that exploited the vulnerability.
The vulnerability was disclosed by the researchers at the security firm FireEye, which is a subsidiary of Microsoft.
The flaws in the web service allowed attackers to read messages, read user-sent text and send malicious email attachments, according the researchers.
The attacks have been widely reported, with the Washington Post calling the vulnerability “the single most widely exploited security vulnerability of the year.”
Twitter is also looking at adding more filters to its messaging app.
The social media company said it would also be adding an additional filter for WhatsApp messages that can be turned on by default.