CERT-In Issues WhatsApp Malware Alert for Web and Desktop Users Across India

CERT-In has issued a WhatsApp warning to millions of users about a new malware campaign targeting WhatsApp Web and WhatsApp Desktop. The Indian Computer Emergency Response Team (CERT-In), which is part of the Ministry of Electronics and Information Technology (MeitY), has warned users not to open unexpected attachments, especially if they are from trusted contacts such as friends, family members, or colleagues.

According to the advice, attackers use compromised WhatsApp accounts to deliver malicious Visual Basic Script (VBScript) files via direct messages. Because these messages look to be from someone the user knows, many individuals may open the attachment without understanding it is malware.

According to CERT-In, the attackers employ file names in a variety of languages, including English, French, German, Portuguese, and Malay, to target people across regions. The malicious files often include remarks and information that appear to be official Microsoft Windows Update files, giving the impression that they are safe.

If a user opens one of these infected files, hackers may get unauthorized access to their device. The malware has the potential to steal passwords, financial information, and other sensitive data. It can potentially install other malware, spread among connected networks, and result in financial loss or business damage.

To be cautious, CERT-In advises users not to open unexpected attachments, particularly those pretending to be invoices, payment receipts, account statements, or financial information. If you receive such a file, contact the sender by phone or in a separate message to confirm that they provided it. They also suggests avoiding unknown or suspicious sites and double-checking shortened URLs before clicking on them. Users should exercise extreme caution if a message appears unexpected or different from the sender's normal communication style. The warning comes as India continues to experience a rise in AI-powered attacks. Earlier this month, CERT-In increased cybersecurity compliance standards for device manufacturers in order to better protect against emerging cyber threats.

The latest WhatsApp malware attack is a reminder that cybercriminals are constantly finding new ways to trick users. Staying alert, verifying suspicious messages, and avoiding unknown attachments are some of the simplest and most effective ways to protect your personal data and devices from cyber threats.

This article is based on information from Business Line