Security experts have discovered a flaw in Facebook-owned messaging app WhatsApp which allows malicious actors to hack users' computers by disguising malware as perfectly innocent contact cards and other files.

The problem lies in the web version of WhatsApp failing to properly verify vCard files, according to research firm Check Point, which discovered the flaw. vCards are digital business cards commonly sent via text message.

WhatsApp has 900 million users worldwide and counting.

Check Point discovered it was able to change the file extension of a vCard, which ends in ".vcf", to ".exe" (executable file) or ".bat" (batch file) without WhatsApp noticing. That means a hacker can disguise malicious code as an innocent looking contact card.

Worse still is that hackers could also change the icon of the malicious file to further trick the victim into downloading it.