Using WhatsApp Web Or Desktop? Govt Warns Of Large-Scale Malware Campaign
Using WhatsApp Web Or Desktop? Govt Warns Of Large-Scale Malware Campaign Published By, Last Updated: June 28, 2026, 20:06 IST In an advisory, the Indian
Using WhatsApp Web Or Desktop? Govt Warns Of Large-Scale Malware Campaign Published By, Last Updated: June 28, 2026, 20:06 IST In an advisory, the Indian Computer Emergency Response Team (Cert-In) said the campaign is targeting users through malicious file attachments sent via WhatsApp. According to the advisory, attackers are using compromised WhatsApp accounts to send harmful Visual Basic Script (VBScript) files directly to victims. (AI-generated image) India’s cybersecurity watchdog Cert-In has warned WhatsApp Web and desktop users about a large-scale malware distribution campaign that could allow attackers to gain unauthorised access to devices and compromise personal data. In an advisory issued on June 25, the Indian Computer Emergency Response Team (Cert-In) said the campaign is targeting users through malicious file attachments sent via WhatsApp. The files are often disguised and may appear to come from trusted contacts such as friends, colleagues or family members.
“It has been observed that a large-scale malware distribution campaign is targeting WhatsApp Desktop and WhatsApp Web users. The campaign distributes malicious Visual Basic Script (VBScript) files through direct messages on the platform," CertIn said on its advisory. The note prepared based on Kaspersky and Securelist findings said that the threat actors leverage compromised WhatsApp accounts to send malicious attachments directly to victims, making the messages appear legitimate and significantly increasing the likelihood of successful compromise. “WhatsApp is a cross-platform instant messaging application that enables users to exchange messages, files, images, videos and other content across desktop and web platforms. Attackers use previously compromised WhatsApp accounts to send malicious VBScript (vbs) files to existing contacts. Because the messages originate from trusted contacts, recipients may be more inclined to open the attachment," Certin said. The successful execution of a malware attack can lead to remote access of the device by cybercriminals, stealing credentials to carry out fraudulent activities, deploy additional malware, infect the network from which the user is connected, disrupt business, resulting in financial losses.
“Do not open attachments you were not expecting, even if they come from a friend, colleague, or family member," Certin said. The cybersecurity watchdog has suggested that users make a phone call or send a message to the sender to cross-check if the person has intentionally sent the file. “If the sender’s message seems unusual or out of character, treat it as suspicious," Certin said. On June 10, Certin also enhanced security compliance requirements for original equipment makers, which include companies that make mobile phones, computers, etc., following an increase in AI-based cyber attacks. (With inputs from PTI) News18 Newsletter Handpicked stories, in your inbox A newsletter with the best of our journalism submit About the Author News Desk The News Desk is a team of passionate editors and writers who break and analyse the most important events unfolding in India and abroad.
The BriefWire