The Cyber Security Authority (CSA) has issued a public alert warning of a banking malware campaign that uses WhatsApp Web to target Windows users. In light of this threat, the CSA urges individuals and organisations to exercise heightened caution.
Cybersecurity experts have discovered a new malware attack that exploits WhatsApp Web on Windows computers to spread a dangerous banking malware known as Astaroth. Criminals are taking advantage of the platform's popularity and the trust users have in WhatsApp to trick them into infecting their own devices.
This malware is particularly perilous, as it is designed to steal banking details and login information, putting both individuals and organisations at significant risk.
The CSA's statement highlights how cybercriminals are evolving their tactics, using everyday digital tools to carry out financial crimes.
"Threat actors initiate the attack by sending malicious ZIP files to victims through WhatsApp messages. These files are often disguised as legitimate documents or shared under convincing pretexts to encourage users to download and open them."
Once the ZIP file is extracted and executed on a Windows device, the Astaroth malware is installed. After the installation, the malware silently connects to WhatsApp Web, retrieving the victim's contact list and automatically sending similar malicious messages to all contacts, thereby propagating itself without the victim's knowledge.
In the background, the malware conducts extensive data harvesting activities, including the theft of banking login credentials, one-time passwords (OTPs), browser cookies, and keystrokes. This information can be exploited to gain unauthorised access to financial accounts, commit fraud, and facilitate further criminal activity.
The CSA advises users to exercise caution when downloading or opening ZIP files or unexpected attachments received via WhatsApp, even if they appear to come from known contacts. Be wary of messages that call for immediate action or require file downloads, as these are common social engineering tactics.
"Check active WhatsApp Web sessions and log out of any you do not recognise. Avoid leaving WhatsApp Web signed in on shared or public computers. Ensure that Windows operating systems and installed applications are kept up to date with the latest security patches. Use reputable and up-to-date endpoint security software capable of detecting and blocking malware activity."
The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Point of Contact (PoC) for reporting cybercrimes and seeking guidance on online activities. Contact options include: Call or Text - 292, WhatsApp - 0501603111, Email - report@csa.gov.gh.

