CERT-In Flags Malware Threat Targeting WhatsApp Web Users Across India
India’s cybersecurity agency CERT-In has issued a stern warning about a malware campaign targeting WhatsApp Web and Desktop users through malicious VBScript (.vbs) attachments. Cybercriminals are now leveraging hacked WhatsApp accounts to disseminate malicious files to trusted contacts.
An extensive campaign to distribute malware is targeting WhatsApp users on desktop and web. According to CERT-In, a national cybersecurity body, this campaign could allow hackers to gain unauthorised access and compromise users' devices. Users of WhatsApp on desktop and web should exercise caution when opening attachments, regardless of who sent them.
This caution extends to friends, family, coworkers, and even strangers. Users of WhatsApp Desktop and WhatsApp Web are the targets of a massive malware distribution campaign, according to CERT-In's announcement on June 25. The campaign uses the platform's direct messaging feature to disseminate harmful Visual Basic Script (VBScript) files.
Modus Operandi of Hackers
The notice draws on findings from Securelist and Kaspersky. According to these findings, bad actors use hijacked WhatsApp accounts to contact victims directly with harmful attachments, which makes the messages seem genuine and raises the chances of a successful compromise. CERT-In elaborated that WhatsApp is an instant messaging app that works on both desktop computers and mobile devices.
It lets users send and receive messages as well as files, photos, and videos. Criminals distribute harmful VBScript (.vbs) files to existing contacts using WhatsApp accounts that have already been hijacked. Recipients may be more likely to open the attachment if the communication comes from someone they trust. Cybercriminals can gain remote access to the device if a malware attack is successful. This can cause credential theft, which in turn can lead to fraud, malware deployment, network infection, disruption of business, and financial losses.
Protection Guidelines from CERT-In
CERT-In warned against opening unexpected attachments, whether they come from a friend, coworker, or family member. To verify that the sender transmitted the material on purpose, the cybersecurity watchdog recommends that users contact the sender via phone or messaging. More specifically, CERT-In warned that users should be wary of any communication from an unknown sender if it sounds suspicious.
CERT-In tightened additional security compliance criteria for original equipment manufacturers on June 10th. Given the rise of cyberattacks utilising artificial intelligence, these requirements are being met by manufacturers of mobile phones, laptops, etc.
Bigger Threat Looms at WhatsApp Web
The mobile environment is very different from the one in which WhatsApp Web and Desktop function. On smartphones, operating system sandboxing restricts the actions of harmful files. When users run a VBScript file on a Windows laptop or desktop, it executes with the full permissions of the currently logged-in user, who is usually an administrator. Malware gains rapid and extensive access to the system in this way, without the need for any additional privilege escalation.
WhatsApp Web's browser-based nature also means that files download straight into the system's usual download folder, bypassing the extra security measures that specialised email clients and enterprise security programs often apply to attachments. Conventional wisdom in cybersecurity teaches people to be wary of emails from unknown senders. However, this attack neutralises that instinct entirely by making the message appear legitimate, since it now comes from someone very close or known to the user.