CSA Issues Alert on WhatsApp Web-Based Banking Malware Attack on Windows Users

The Cyber Security Authority (CSA) has issued an alert on a banking malware attack that uses WhatsApp Web on Windows computers.

The banking malware, called Astaroth, is designed to steal banking details and login information, putting individuals and organisations at serious risk.

“The campaign shows how cybercriminals are changing their methods and using everyday digital tools to carry out financial crimes.”

Modus Operandi
Threat actors initiate the attack by sending malicious ZIP files to victims through WhatsApp messages.

These files are often disguised as legitimate documents or shared under convincing pretexts to encourage users to download and open them.

Once the ZIP file is extracted and executed on a Windows device, the Astaroth malware is installed. It then silently connects to WhatsApp Web, retrieves the victim’s contact list and automatically sends similar malicious messages to all contacts, propagating itself without the victim’s knowledge.

In the background, the malware conducts extensive data harvesting activities, including the theft of banking login credentials, one-time passwords (OTPs), browser cookies, and keystrokes.

This information can be used to gain unauthorised access to financial accounts, commit fraud, and facilitate further criminal activity.

Caution
In its statement, the CSA called for maximum caution when downloading or opening ZIP files or unexpected attachments received via WhatsApp, even if they come from known contacts.

It also flagged messages that call for immediate action or require file downloads, and recommended actively checking WhatsApp Web sessions and logging out of any unrecognised machines.

Additionally, it advised the public to avoid leaving WhatsApp Web signed in on shared or public computers and ensure that Windows operating systems and installed applications are kept up to date with the latest security patches.

It further recommended using reputable and up-to-date endpoint security software capable of detecting and blocking malware activity.

Story by Hajara Fuseini

Source: opemsuo.com