Menlo Park, California - Security experts warn that malware is being spread via WhatsApp.

A dangerous bug is wreaking havoc on WhatsApp, as Android users report receiving a dubious message from their contacts.

"Download This application and Win Mobile Phone," the text says, followed by a link to the Google Play Store.

As the security company ESET reported, users should avoid clicking on the link and downloading the app from the store.

The Google Play Store and Huawei Mobile app mentioned in the text are fake and contain a software bug that automatically spreads through the messenger service.

Cyber criminals use the bugs for adware and subscription scams to make money through fraudulent means. But it gets even worse.

Security experts fear that affected users' phones may be secretly spied on. Even data theft could be possible.

Banking trojans, ransomware, and spyware could also be distributed.

The malware is able to access the Android device's direct response function because of permissions that have to be granted when downloading the messenger app. The bug can then spread on its own.

According to ESET researcher Lukas Stefanko, the malware is only sent to numbers contacted less than an hour previously – so as not to arouse suspicion.

How can you protect yourself? Above all, users should never click on unknown links, especially if they appear in messengers.

Installing a security app on the mobile device can help, and the operating system should always be up to date.