Not long ago, a bug was discovered that affected almost all Android devices and rendered them open to hacking without the user ever having to install anything. The exploit was called Stagefright, and every manufacturer got to work trying to patch it. Far from all devices are patched, but the latest flagships are now safe from the exploit.
However, the battle isn’t over. A few more Stagefright bugs hage been discovered, but instead of relating to the MMS system, it’s now related to playing infected MP3 or MP4 files. This means that you’ll have to visit a link sent to you, so it’s a lwas dangerous than the previous bug, which only required the device to download an MMS message (which most do automatically).
Motorola says it’s already patching the exploit, which will come with the Android M update. Other manufacturers are likely working on it as well. For now, it’s advised you do not open links from strangers. Stay safe.