The attack primarily targets Windows computer users
The Cyber Security Authority (CSA) has uncovered a dangerous cyber attack scheme where criminals are exploiting WhatsApp Web to steal sensitive information, including banking credentials and mobile money verification codes.
According to the CSA, the attack primarily targets Windows computer users through malicious ZIP files disguised as legitimate documents.
It said the malware behind the operation has been identified as Astaroth, a sophisticated information-stealing virus.
In a release sighted by GhanaWeb, the Authority said attackers send victims ZIP files via WhatsApp, often posing as work documents, invoices, or shared files.
Once downloaded and extracted on a Windows device, the Astaroth malware installs silently.
Here’s the projected timeline for the Eastern Corridor Road project.
From there, it connects to WhatsApp Web, retrieves the victim’s contact list, and automatically sends similar malicious files to all contacts, spreading rapidly without the victim’s knowledge.
While this happens in the background, the malware harvests critical data.
It steals banking login details, one-time passwords (OTPs), browser cookies, and even records keystrokes.
Criminals can then use this stolen information to gain unauthorised access to bank accounts, compromise mobile money wallets, and carry out fraudulent transactions.
“In the background, the malware carries out extensive data-harvesting operations. These include stealing banking login details, one-time passwords (OTPs), browser cookies and recording keystrokes. The stolen information can then be used by criminals to gain unauthorised access to bank accounts, compromise mobile money wallets, and carry out fraudulent transactions,” part of the release read.
The CSA has urged the public to exercise caution when opening files received through messaging platforms, even if they appear to come from trusted contacts.
Users are also advised not to download or open suspicious attachments, to keep their devices updated with the latest security patches and antivirus software, and to report any unusual activity on their accounts immediately.
SA
Source:
www.ghanaweb.com
