
Cybersecurity experts are urging WhatsApp users to make the change now
18:36, 09 Feb 2026Updated 21:05, 09 Feb 2026
A smartphone screen displaying various application icons, including Snapchat, WhatsApp, and Facebook in a stock image(Image: Getty Images)
WhatsApp users are being advised to review their app settings in light of new security alerts. The popular messaging service has been scrutinised after researchers discovered a worrying vulnerability that could allow cybercriminals to access private data by sending harmful files directly to individuals’ devices.
The security loophole, initially identified by Google’s Project Zero researchers, pertains to WhatsApp’s automatic media download feature, which instantly saves files on mobiles without necessitating any user intervention.
Crafty hackers are thought to have exploited this function by creating fake WhatsApp group chats and dispatching invitations to potential targets. Once an invitation was accepted, corrupted files could be automatically downloaded onto devices, with users remaining entirely oblivious.
While it’s unclear exactly how many people may have been affected by this exploit, the exposure of such a hacking technique is concerning, given the billions of daily WhatsApp users globally.
WhatsApp has recognised the issue and confirmed that a patch has been rolled out to prevent similar attacks in the future. However, this incident has once again highlighted the risks of allowing automatic downloads on smartphones.
For added security, users are advised to ensure they’re using the latest version of the app and to make some simple changes to their settings, according to the Express.
Cybersecurity experts at Malwarebytes are now advising users to disable automatic media downloads or enable WhatsApp’s Advanced Privacy Mode. This prevents photos, videos, and documents from being automatically saved to your device.
Here is the most recent advice from Malwarebytes, along with instructions on how to turn off automatic downloads.
For all the latest breaking news headlines today, visit our website home page.
“Google’s Project Zero has just revealed a WhatsApp vulnerability where a malicious media file, sent into a newly created group chat, can be automatically downloaded and used as an attack vector,” explained Malwarebytes.
“The flaw affects WhatsApp on Android and involves zero-click media downloads in group chats. You can be attacked simply by being added to a group and having a malicious file sent to you.
“According to Project Zero, the attack is most likely to be used in targeted campaigns, since the attacker needs to know or guess at least one contact. While focused, it is relatively easy to repeat once an attacker has a likely target list.”
To deactivate automatic downloads on Android, open WhatsApp and click the three-dot menu at the top-right of your screen, then select Settings. Proceed to Storage and data.
Within the Media auto-download section, you’ll discover settings for When using mobile data, When connected on Wi-Fi, and When roaming.
Choose each setting individually and deselect all media categories – Photos, Audio, Videos and Documents – before clicking OK. Once completed, each section should display “No media.”
Malwarebytes also advises restricting who can add you to WhatsApp groups, as this type of attack relies on perpetrators adding victims to new group chats.
To action this, navigate to Settings, choose Privacy, then Groups. Change the setting from Everyone to My contacts, or ideally My contacts except…, and exclude any numbers you don’t fully trust.
If you use WhatsApp for work-related communication, it’s especially important to limit group access to known contacts and approved administrators only.
As previously emphasised, one of the most effective precautions you can take is to keep your apps current and ensure the latest version is installed.
Galway Beo’s top stories and breaking news service on WhatsApp.
Click this link to receive breaking news and the latest headlines direct to your phone.
We also treat our community members to special offers, promotions, and adverts from us and our partners.
If you don’t like our community, you can check out any time you like.
If you’re curious, you can read our Privacy Notice.





