The Cyber Security Authority (CSA) has urged the public to exercise caution after uncovering a dangerous cybercrime scheme in which criminals are exploiting WhatsApp Web to steal banking credentials and one-time passwords (OTPs), including mobile money verification codes, from unsuspecting users in Ghana.
According to the CSA, the attack mainly affects users who access WhatsApp on Windows computers.
Criminals send malicious ZIP files through WhatsApp messages, disguising them as legitimate documents such as invoices, work files or shared records. Once opened, the files install a malware known as Astaroth, an advanced information-stealing virus.
The CSA explained that the attack begins when unsuspecting users download and extract these ZIP files.
Without any obvious warning, the malware is installed on the computer and gains access to WhatsApp Web.
Once active, the malware quietly copies the victim’s contact list and automatically sends similar harmful files to those contacts, allowing the attack to spread rapidly without the user’s awareness.
At the same time, the malware runs in the background, harvesting sensitive information.
This includes banking login details, one-time passwords, browser cookies and keystrokes.
Criminals can then use the stolen data to access bank accounts, compromise mobile money wallets and carry out fraudulent transactions.
The CSA has urged the public to remain vigilant when receiving files through messaging platforms, even if they appear to come from trusted contacts.
Users are advised to avoid opening suspicious attachments, keep their devices updated with the latest security patches and antivirus software, and promptly report any unusual activity on their accounts.
Anyone affected by the malware can reach out to engineers at the CSA for assistance via the contacts below:
- Email :report@csa.gov.gh
- Call:292
- SMS: 292
- Whatsapp: 0501603111
- Mobile App : CSA GHANA
