Centre warns of malware targeting WhatsApp Web, desktop users
What's the story
The Indian Computer Emergency Response Team (CERT-In) has issued a warning for WhatsApp Web and desktop users. The advisory comes in light of a widespread malware distribution campaign that could give cybercriminals unauthorized access to devices and compromise sensitive information. CERT-In has urged users to be cautious while opening file attachments, even if they appear to be from trusted contacts.
Malware method
Malware targeting WhatsApp users
The CERT-In advisory, dated June 25, highlights that a large-scale malware distribution campaign is targeting WhatsApp Web and desktop users. The campaign involves the distribution of malicious Visual Basic Script (VBScript) files through direct messages on the platform. This tactic is being used by threat actors who have compromised WhatsApp accounts to send these malicious attachments directly to victims.
Potential impact
CERT-In's recommendations to avoid malware attacks
A successful malware attack could give cybercriminals remote access to a victim's device, steal credentials for fraudulent activities, deploy additional malware, infect connected networks, disrupt business operations, and cause financial losses. To avoid falling victim to these attacks, CERT-In has advised users not to open unexpected attachments even if they come from trusted contacts. The agency also recommends verifying unexpected file attachments by calling or messaging the sender before opening them.