Home

National

Beware: WhatsApp Users Targeted by New Malware Campaign!

A recent cybersecurity alert warns WhatsApp web and desktop users about a large-scale malware campaign. Cybercriminals are exploiting compromised accounts to send malicious attachments, increasing the risk of unauthorized access to devices. Users are advised to be cautious with unexpected files, even from trusted contacts. The Indian Computer Emergency Response Team emphasizes the importance of verifying the legitimacy of messages and attachments. This warning comes amid heightened security measures for device manufacturers in response to rising AI-based cyber threats. Stay informed and protect your devices from potential attacks.
By Narendra Chaudhary | Jun 28, 2026, 20:13 IST
gyanhigyan

Cybersecurity Alert for WhatsApp Users


New Delhi: A significant malware distribution scheme is currently targeting users of WhatsApp on web and desktop platforms, as reported by the national cybersecurity authority, CertIn.


The Indian Computer Emergency Response Team (CERT-IN) has issued a warning urging WhatsApp web and desktop users to exercise caution regarding any attachments received, even if they appear to come from trusted sources such as friends, colleagues, or family.


According to CertIn's findings, a widespread malware campaign is distributing harmful Visual Basic Script (VBScript) files via direct messages on WhatsApp. This alarming trend was noted on June 25.


The report, based on research from Kaspersky and Securelist, indicates that cybercriminals are exploiting compromised WhatsApp accounts to send these malicious files, making the messages seem credible and increasing the chances of successful infiltration.


CertIn explained that WhatsApp serves as a cross-platform messaging service, allowing users to share messages, files, images, and videos across various devices. Attackers utilize previously hacked accounts to dispatch harmful VBScript files to contacts, leading recipients to be more likely to open these attachments due to their trusted origins.


If executed successfully, such malware attacks can grant cybercriminals remote access to devices, enabling them to steal credentials for fraudulent activities, deploy further malware, infect networks, and disrupt business operations, ultimately resulting in financial losses.


CertIn advises users to refrain from opening unexpected attachments, regardless of the sender's identity.


To verify the legitimacy of a file, users are encouraged to call or message the sender directly.


If a message seems out of character or unusual, it should be treated with suspicion.


Additionally, on June 10, CertIn strengthened security compliance measures for original equipment manufacturers, including mobile and computer manufacturers, in response to a rise in AI-driven cyber threats.


Latest News

Politics

Entertainment

Sports

Science/Tech

Around The Web