Millions of Android users’ data has been exposed to this horrifying hack

If you use a phone with an Android operating system, you may want to steer clear of shady looking websites. Around 275 million Android phones have been exposed to a hack called Stagefright, which uses infected online video files to spy on the devices, according to a research paper done by cyber-security firm NorthBit.

The Stagefright security flaw has been a thing for years — Android OEMs (original equipment manufacturer) have been working on the issue for a while, and Google offers monthly security updates with its Nexus line of devices. But even with all of the attempts to fix Stagefright in its early stages, a new exploit has been discovered by security researchers at NorthBit. And it’s pretty scary.

The new Stagefright exploit Metaphor compromises Android versions 2.2 ­to 4.0 and 5.0 to 5.1, according to TheHackerNews.

NorthBit released a video which explains that for a user’s phone to be compromised, all the person would have to do is visit a website that contains an infected video file — the video doesn’t even need to be played. The user may need to linger for up to two minutes on the site for the hack to occur, but it could also happen in just a few seconds.

Once the system has been crashed, the attacker receives more and more hardware data by sending more video files to the hacked phone. The hack typically only takes 20 seconds and works best on Nexus 5, but can infect any device.

Android devices running Marshmallow or those equipped with security level 1 as of October 1, 2015 are protected from the attack, according to Google.

So basically newer phones should be safe, while older phones are at a much higher risk of an attack.

Be careful out there in Internetland, Android user friends.