Get all your news in one place.
100's of premium titles.
One app.
Start reading
The Economic Times
The Economic Times

CertIn warns against malware campaign spreading through WhatsApp web

WhatsApp web and desktop users are being targeted by a large-scale malware distribution campaign that could give criminals unauthorised access and compromise their devices, national cybersecurity watchdog CertIn said in a note.

The Indian Computer Emergency Response Team has warned WhatsApp web and desktop users to be cautious of any attachments, even if they come from a friend, colleague or family member.

"It has been observed that a large-scale malware distribution campaign is targeting WhatsApp Desktop and WhatsApp Web users. The campaign distributes malicious Visual Basic Script (VBScript) files through direct messages on the platform," CertIn said on June 25.

The note prepared based on Kaspersky and Securelist findings said that the threat actors leverage compromised WhatsApp accounts to send malicious attachments directly to victims, making the messages appear legitimate and significantly increasing the likelihood of successful compromise.

"WhatsApp is a cross-platform instant messaging application that enables users to exchange messages, files, images, videos and other content across desktop and web platforms. Attackers use previously compromised WhatsApp accounts to send malicious VBScript (vbs) files to existing contacts. Because the messages originate from trusted contacts, recipients may be more inclined to open the attachment," Certin said.

The successful execution of a malware attack can lead to remote access of the device by cybercriminals, stealing credentials to carry out fraudulent activities, deploy additional malware, infect the network from which the user is connected, disrupt business, resulting in financial losses.

"Do not open attachments you were not expecting, even if they come from a friend, colleague, or family member," Certin said.

The cybersecurity watchdog has suggested that users make a phone call or send a message to the sender to cross-check if the person has intentionally sent the file.

"If the sender's message seems unusual or out of character, treat it as suspicious," Certin said.

On June 10, Certin also enhanced security compliance requirements for original equipment makers, which include companies that make mobile phones, computers, etc., following an increase in AI-based cyber attacks. PTI

Sign up to read this article
Read news from 100's of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.