A bug in the messaging service can put up to 200 million users at risk, according to the security firm Check Point.
The flaw allows hackers to distribute malware, including ransomware which demands that victims pay a fee to regain access to their files. The vulnerability has only been reported to have affected the web-based version of the service.
The WhatsApp web app is a mirror version of its mobile application that enables all messages and images received to be accessed from a web browser. According to recent statistics there are over 200 million active users of the online web application, compared to 900 billion users of the smartphone application.
The company was alerted to the issue at the end of August and promptly issued a patch. The company is now urging users to update their WhatsApp software immediately if they have not done so already.
According to the Check Point, the vulnerability was caused by the way that the service handles contacts sent in the virtual card format.
All a hacker would need to do is send a virtual business card (vCard) which looked legitimate to a targets mobile number. Once the vCard was opened, malicious code can be distributed and infect the full system with ransomware.