Cyber Security Authority Warns of WhatsApp Web–Based Banking Malware Targeting Windows Users

The Cyber Security Authority (CSA) has issued a public alert warning Windows users of a new malware campaign exploiting WhatsApp Web to spread a dangerous banking malware known as Astaroth.

According to cybersecurity experts, the attack leverages the widespread trust in WhatsApp to trick users into downloading malicious ZIP files disguised as legitimate documents. Once extracted and executed, the malware installs itself on the victim’s device, silently harvesting sensitive data including banking credentials, keystrokes, OTPs, browser cookies, and authentication details.

The malware also connects to WhatsApp Web to access the victim’s contacts and automatically sends similar malicious messages, allowing the attack to propagate undetected.

The CSA recommends users exercise caution when opening ZIP files or unexpected attachments received via WhatsApp—even from known contacts. It also advises against downloading files or clicking links from unknown sources, and urges users to install updated antivirus software, avoid leaving WhatsApp Web signed in on shared devices, and ensure all applications are patched with the latest security updates.

The Authority has provided a 24-hour incident reporting point of contact for guidance and support. Users can call or text 292, WhatsApp 0501603111, or email report@csa.gov.gh.

The alert was issued on January 27, 2026, under reference CSA/CERT/MPA/2026-01/01.
