India's CERT-In Flags Large-Scale Malware Campaign Targeting WhatsApp Web, Desktop Users: Tips To Stay Safe
India’s CERT-In has warned WhatsApp Web and Desktop users about a malware campaign spreading through VBScript files sent via compromised accounts. Since messages come from known contacts, users are more likely to open them. Once executed, the malware can give attackers remote access, steal credentials and spread across networks.

India's national cybersecurity watchdog has issued an advisory warning WhatsApp Web and Desktop users about a large-scale malware distribution campaign that could give attackers unauthorised access to their devices. The Indian Computer Emergency Response Team (CERT-In) said the campaign distributes malicious Visual Basic Script (VBScript) files through direct messages on the platform.
The advisory, prepared based on findings from Kaspersky and Securelist, said threat actors are leveraging compromised WhatsApp accounts to send malicious attachments directly to victims, which makes the messages appear legitimate and significantly raises the likelihood of a successful compromise.
How the attack works
According to CERT-In, attackers use previously compromised WhatsApp accounts to send malicious VBScript files to existing contacts, and because the messages originate from trusted contacts, recipients may be more inclined to open the attachment. WhatsApp's cross-platform nature, which lets users exchange messages, files, images and videos across desktop and web, is being exploited as the delivery mechanism for these payloads.
A report by Whalesbook on the advisory noted that when a user clicks on or executes the malicious VBScript attachment, the malware can grant attackers remote access to the device, which then allows criminals to steal sensitive information including login credentials, and potentially install further malicious software.
What's at risk?
CERT-In has warned that a successful attack can have cascading consequences. As per the advisory, a successful malware attack can lead to remote access to the device by cybercriminals, theft of credentials to carry out fraudulent activities, deployment of additional malware, infection of the network the user is connected to, and disruption of business resulting in financial losses.
For Indian businesses specifically, the stakes go beyond individual device security. With WhatsApp serving as a primary communication tool for millions of enterprises, from small startups to large corporations, a security breach through this channel can lead to direct financial losses, operational downtime, and reputational damage. The Whalesbook report framed the advisory as a reminder that cybersecurity is increasingly a board-level concern for companies that rely heavily on the messaging platform for daily operations.
CERT-In's advisory to users
The agency has laid out clear precautionary steps for users to avoid falling victim to the campaign. CERT-In's note instructs users, "Do not open attachments you were not expecting, even if they come from a friend, colleague, or family member."
Beyond simply avoiding unexpected files, the watchdog has suggested that users make a phone call or send a separate message to the sender to cross-check whether the person intentionally sent the file before opening it. This step is particularly important given that the entire attack hinges on exploiting the implicit trust users place in messages from known contacts.
