WhatsApp Web malware alert: CERT-In warns against fake attachments from trusted contacts

WhatsApp Web and desktop users are being targeted in a large-scale malware campaign that could allow cybercriminals to gain unauthorised access to devices, India’s cybersecurity agency CERT-In has warned.

The Indian Computer Emergency Response Team (CERT-In) advised users to be careful while opening attachments received through WhatsApp, even if the file is sent by a known contact such as a friend, colleague or family member.

Hackers Using Compromised WhatsApp Accounts To Spread Malware
According to a CERT-In advisory issued on June 25, attackers are sending malicious Visual Basic Script (VBScript) files through WhatsApp messages.

The agency said threat actors are using already compromised WhatsApp accounts to distribute these files, making the messages appear genuine and increasing the chances of users opening the attachments.

Since the messages come from trusted contacts, many users may assume the files are safe and download them without verification.

How The Malware Attack Works

WhatsApp allows users to exchange messages, documents, images, videos and other files across web and desktop platforms. Cybercriminals are exploiting this feature by sending infected VBScript files to contacts from hacked accounts.

Once a user opens and runs the malicious file, attackers may gain control of the device and carry out further activities.

Risks Of Opening Suspicious Files

A successful malware infection can allow criminals to:

  • Access devices remotely
  • Steal passwords and sensitive information
  • Carry out financial fraud
  • Install additional malware
  • Spread attacks across connected networks
  • Disrupt personal or business operations

CERT-In said users should avoid opening unexpected attachments, regardless of who sent them.

CERT-In Issues Safety Tips For Users

The cybersecurity agency advised users to verify with the sender through a call or separate message if they receive an unusual file.

It also warned that messages that seem out of character or suspicious should be treated carefully.

The agency recommended keeping devices and applications updated and following safe digital practices to reduce the risk of cyber attacks.

Earlier this month, CERT-In also tightened cybersecurity compliance requirements for original equipment manufacturers, including mobile phone and computer makers, amid growing concerns over AI-driven cyber threats.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *