CERT-In Issues Cyber Alert for WhatsApp Web and Desktop Users Over Malware Attack

CERT-In has warned WhatsApp Web and Desktop users about a malware campaign using malicious .vbs files sent through hacked accounts. Users are advised not to open unexpected attachments.

CERT-In Issues Cyber Alert for WhatsApp Web and Desktop Users Over Malware Attack

The Indian Computer Emergency Response Team (CERT-In) has issued a cyber security advisory warning WhatsApp Web and Desktop users about an ongoing malware campaign targeting unsuspecting users through malicious file attachments.

According to the advisory, cybercriminals are using compromised WhatsApp accounts to send harmful VBScript (.vbs) files to contacts. Since the messages originate from trusted friends, family members, or colleagues, recipients may unknowingly open the attachments, allowing the malware to infect their devices.

CERT-In has strongly advised users not to open any unexpected or unsolicited .vbs files, even if they appear to have been sent by someone they know. Before opening such files, users should verify their authenticity by contacting the sender through a phone call or a separate message.

Opening a malicious .vbs file can allow attackers to gain unauthorized access to a computer, potentially enabling them to steal passwords, banking credentials, personal information, and other sensitive data. In some cases, the malware may also give hackers remote control over the infected device.

Users are encouraged to remain cautious while handling file attachments on WhatsApp Web and Desktop, keep their operating systems and antivirus software up to date, and avoid downloading or executing files from unknown or unexpected sources.

CERT-In has urged individuals and organizations to follow safe cyber security practices, verify suspicious messages before taking any action, and report any unusual activity to help prevent the spread of malware and protect personal and organizational data.