The Indian Computer Emergency Response Team (CERT-In) has issued a fresh cybersecurity advisory warning WhatsApp Web and WhatsApp Desktop users about a dangerous malware campaign that is spreading through compromised WhatsApp accounts. According to the advisory, cybercriminals are distributing malicious Visual Basic Script (.vbs) files via direct messages, potentially giving attackers access to victims' computers and sensitive information.
Security experts are urging users to verify every unexpected attachment before opening it, even if it appears to come from a trusted contact.
Why Has CERT-In Issued This Warning?
According to CERT-In, cybercriminals are actively targeting users through a large-scale malware distribution campaign affecting WhatsApp Web and WhatsApp Desktop.
The advisory, based on security findings from Kaspersky and Securelist, warns that attackers are exploiting compromised WhatsApp accounts to spread malicious attachments disguised as legitimate files.
Because the messages originate from trusted contacts, users are far more likely to open the attachments without suspecting foul play.
How Does This WhatsApp Malware Attack Work?
The attack follows a simple but highly effective strategy:
Cybercriminals first gain access to a user's WhatsApp account.
They send a malicious .vbs (Visual Basic Script) attachment to the victim's contacts.
Friends, colleagues, or family members receive the file from someone they know and trust.
If the attachment is opened, malicious code executes on the victim's computer.
This technique relies heavily on social engineering rather than technical vulnerabilities.
What Happens If You Open the Malicious File?
Opening a malicious VBScript attachment can expose users to several cybersecurity risks, including:
Remote access to the infected computer
Theft of passwords and login credentials
Installation of additional malware
Unauthorized access to sensitive personal or business data
Infection spreading across an organization's network
Business disruption and financial losses
In corporate environments, a single compromised system can potentially affect multiple connected devices.
CERT-In's Safety Tips for WhatsApp Users
The cybersecurity agency has advised users to follow these precautions:
Never open unexpected attachments without verification.
Confirm suspicious files by calling or messaging the sender separately.
Be cautious if a contact suddenly sends unusual files or behaves differently than normal.
Avoid downloading unknown script files or executable attachments.
Keep your operating system and antivirus software updated.
Regularly scan your device for malware.
Enable two-factor authentication wherever possible.
Why WhatsApp Web Users Are More Vulnerable
Unlike smartphones, WhatsApp Web and Desktop operate on computers that often contain:
Office documents
Banking information
Business credentials
Personal files
Company networks
A successful malware infection can therefore have much broader consequences than compromising a single messaging app.
Cybersecurity Threats Continue to Rise
CERT-In has repeatedly warned users and technology companies about the increasing sophistication of cyberattacks, including AI-assisted scams, phishing campaigns, and malware distribution.
The latest advisory highlights how attackers are increasingly exploiting trusted messaging platforms to trick users into compromising their own devices.
Stay Alert Before Opening Any WhatsApp Attachment
As WhatsApp has become an essential communication tool for both personal and professional use, blindly trusting files—even those sent by friends or colleagues—can be risky. Verifying attachments before opening them remains one of the simplest yet most effective ways to protect yourself against malware and cyber fraud.
Cybersecurity experts recommend treating every unexpected attachment with caution, regardless of who sends it.
Europe Heatwave Crisis: Residents Rush to Buy Cooling Appliances Amid Rising Temperatures
A severe heatwave sweeping across several European countries has sent temperatures soaring, promp
Petrol, Diesel and LPG Prices Today: Fuel Costs Rise, Adding Fresh Inflation Pressure
As of June 29, 2026, rising fuel costs continue to weigh heavily on household budgets across Indi
Investors Turn Cautious on Small and Mid-Cap Assets; Here's Where Safer Returns May Be Found
Recent volatility in the equity market has prompted many investors to reconsider their investment
In today's digital-first world, smartphones have evolved far beyond communication devices—t
Gmail Account Warning: Avoid This Common Mistake or Risk Losing Access to Your Gmail ID
Users subscribing to select Jio and Airtel recharge plans that include complimentary Google One c
iPhone 18 and iPhone 18e Launch Date Tipped: Major RAM Upgrade and AI Features Expected
While Apple's upcoming iPhone 18 Pro models continue to dominate headlines, fresh leaks suggest t
Savings Account Guide: How to Choose the Right Account Based on Your Spending Habits
Opening a savings account is often considered a routine banking task, but Selecting the wrong one
₹10,000 SIP to BMW: Find Out How Many Years It Could Take to Build the Required Corpus
Owning a luxury car like a BMW is a dream for many Indians, but the high price tag often makes it
