CSA Issues Alert on WhatsApp Web-Based Banking Malware Attack on Windows Users

The Cyber Security Authority (CSA) has issued an alert on a banking malware attack that uses WhatsApp Web on Windows computers.
The banking malware, called Astaroth, is designed to steal banking details and login information, putting individuals and organisations at serious risk.
According to the CSA, criminals take advantage of the popularity and the trust people have in WhatsApp to trick users into getting infected.
“The campaign shows how cybercriminals are changing their methods and using everyday digital tools to carry out financial crimes.”
Modus Operandi
Threat actors initiate the attack by sending malicious ZIP files to victims through WhatsApp messages.
These files are often disguised as legitimate documents or shared under convincing pretexts to encourage users to download and open them.
Once the ZIP file is extracted and executed on a Windows device, the Astaroth malware is installed. It then silently connects to WhatsApp Web, retrieves the victim’s contact list, and automatically sends similar malicious messages to all contacts, propagating itself without the victim’s knowledge.
In the background, the malware conducts extensive data harvesting activities, including the theft of banking login credentials, one-time passwords (OTPs), browser cookies, and keystrokes.
This information can be used to gain unauthorised access to financial accounts, commit fraud, and facilitate further criminal activity.
Caution
In its statement, the CSA called for maximum caution when downloading or opening ZIP files or unexpected attachments received via WhatsApp, even if they come from known contacts.
It also flagged messages that call for immediate action or require file downloads, and recommended actively checking WhatsApp Web sessions and logging out of any unrecognised machines.
Additionally, it advised the public to avoid leaving WhatsApp Web signed in on shared or public computers and ensure that Windows operating systems and installed applications are kept up to date with the latest security patches.
It further recommended using reputable and up-to-date endpoint security software capable of detecting and blocking malware activity.
Story by Hajara Fuseini






