CERT-in warns WhatsApp web, desktop users of large-scale malware campaign
CERT-In has warned of a large-scale malware campaign targeting WhatsApp Web and Desktop users through malicious VBScript attachments sent from compromised accounts. Users are advised to avoid opening unexpected files and verify suspicious messages to prevent device compromise and data theft
New Delhi: WhatsApp web and desktop users are being targeted by a large-scale malware distribution campaign that could give criminals unauthorised access and compromise their devices, national cybersecurity watchdog CertIn said in a note.
The Indian Computer Emergency Response Team has warned WhatsApp web and desktop users to be cautious of any attachments, even if they come from a friend, colleague or family member.
“It has been observed that a large-scale malware distribution campaign is targeting WhatsApp Desktop and WhatsApp Web users. The campaign distributes malicious Visual Basic Script (VBScript) files through direct messages on the platform,” CertIn said on June 25.
The note prepared based on Kaspersky and Securelist findings said that the threat actors leverage compromised WhatsApp accounts to send malicious attachments directly to victims, making the messages appear legitimate and significantly increasing the likelihood of successful compromise.
“WhatsApp is a cross-platform instant messaging application that enables users to exchange messages, files, images, videos and other content across desktop and web platforms. Attackers use previously compromised WhatsApp accounts to send malicious VBScript (vbs) files to existing contacts. Because the messages originate from trusted contacts, recipients may be more inclined to open the attachment,” Certin said.
The successful execution of a malware attack can lead to remote access of the device by cybercriminals, stealing credentials to carry out fraudulent activities, deploy additional malware, infect the network from which the user is connected, disrupt business, resulting in financial losses.
“Do not open attachments you were not expecting, even if they come from a friend, colleague, or family member,” Certin said. The cybersecurity watchdog has suggested that users make a phone call or send a message to the sender to cross-check if the person has intentionally sent the file.
“If the sender’s message seems unusual or out of character, treat it as suspicious,” Certin said. On June 10, Certin also enhanced security compliance requirements for original equipment makers, which include companies that make mobile phones, computers, etc., following an increase in AI-based cyber attacks.
