Image used for representational purposes only. (Photo | Pixabay)
Tech

CERT-In warns against malware campaign spreading through WhatsApp web

The note prepared based on Kaspersky and Securelist findings said that the threat actors leverage compromised WhatsApp accounts to send malicious attachments directly to victims.

TNIE online desk

WhatsApp web and desktop users are being targeted by a large-scale malware distribution campaign that could give criminals unauthorised access and compromise their devices, national cybersecurity watchdog CERT-In said in a note.

The Indian Computer Emergency Response Team has warned WhatsApp web and desktop users to be cautious of any attachments, even if they come from a friend, colleague or family member.

"It has been observed that a large-scale malware distribution campaign is targeting WhatsApp Desktop and WhatsApp Web users. The campaign distributes malicious Visual Basic Script (VBScript) files through direct messages on the platform," CERT-In said on June 25.

The note prepared based on Kaspersky and Securelist findings said that the threat actors leverage compromised WhatsApp accounts to send malicious attachments directly to victims, making the messages appear legitimate and significantly increasing the likelihood of successful compromise.

"WhatsApp is a cross-platform instant messaging application that enables users to exchange messages, files, images, videos and other content across desktop and web platforms. Attackers use previously compromised WhatsApp accounts to send malicious VBScript (vbs) files to existing contacts. Because the messages originate from trusted contacts, recipients may be more inclined to open the attachment," CERT-In said.

The successful execution of a malware attack can lead to remote access of the device by cybercriminals, stealing credentials to carry out fraudulent activities, deploy additional malware, infect the network from which the user is connected, disrupt business, resulting in financial losses.

"Do not open attachments you were not expecting, even if they come from a friend, colleague, or family member," CERT-In said.

The cybersecurity watchdog has suggested that users make a phone call or send a message to the sender to cross-check if the person has intentionally sent the file. "If the sender's message seems unusual or out of character, treat it as suspicious," CERT-In said.

On June 10, CERT-In also enhanced security compliance requirements for original equipment makers, which include companies that make mobile phones, computers, etc., following an increase in AI-based cyber attacks.

(With inputs from PTI)

Follow The New Indian Express channel on WhatsApp 

Download the TNIE app to stay with us and follow the latest

Add as a preferred source on Google

Also Read

'Better to look inwards': India rejects Pakistan's allegations of New Delhi link to Karachi attack

PM Modi says Indian Ocean must become 'ocean of opportunity'; India, Seychelles sign nine pacts

Aramco helicopter crash kills 14 in Saudi Arabia's Ras Tanura

Trump presses Syria to take on Hezbollah, raising alarm in Lebanon and Israel

Bihar-based conman suspected to be mastermind behind Maharashtra's TET question paper leak case

SCROLL FOR NEXT