Android users are facing a possible threat which can compromise their device’s security without their notice. According to a report from Cnet, the malicious content can easily be introduced in a device with the use of a simple text message and can give an open access to all data stored on the phone, which includes credit/debit card information. The report is sourced from a security firm, Zimperium which claims to have detected the flaw.

The reason this can turn out to be a major threat is because the hacker won’t need anything other than the subscriber’s phone number to send the text. The official blogpost of the security firm said, “Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message).” The virus is so efficient that will be able to delete the message without the user’s notice but the user will still receive an empty notification.

Android is suffering from this loophole because of a code called “Stagefright.” The objective of this particular code is to pre-load videos before the user clicks the play button to avoid waiting time before the video snippet starts playing. Hackers can conceal their malicious code with the help of Stagefright and download it without the user’s information.

According to the cyber security firm, they have informed Google about the major flaw and have also provided a patch for it. In response, the search giant has already integrated the patch in the next update. The update will gradually roll out to the OEMs but will take a lot of time to reach most devices. The firm believes that 95 per cent of android phones are prone to this risk. This can easily be one of the biggest security flaws in the history of Android.