The advisory was issued based on a note prepared by Kaspersky and Securelist findings saying that the threat actors leverage compromised WhatsApp accounts to send malicious attachments directly to victims.


The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology (MeitY), has warned WhatsApp web and desktop users to be cautious of any attachments, even if they come from a friend, colleague or a family member.

The national nodal agency responsible for safeguarding India’s cyberspace said that WhatsApp web and desktop users are being targeted by a large-scale malware distribution campaign that could give criminals unauthorised access and compromise their devices.

On June 10, CERT-In had also enhanced security compliance requirements for original equipment makers, including manufacturers of mobile phones, computers, etc., following an increase in AI-based cyber attacks.

“It has been observed that a large-scale malware distribution campaign is targeting WhatsApp Desktop and WhatsApp Web users. The campaign distributes malicious Visual Basic Script (VBScript) files through direct messages on the platform,” said an advisory issued by CERT-In dated June 25.

The advisory was issued based on a note prepared by Kaspersky and Securelist findings saying that the threat actors leverage compromised WhatsApp accounts to send malicious attachments directly to victims, making the messages appear legitimate and significantly increasing the likelihood of successful compromise.

“The filenames are localised in several languages, including English, Portuguese, French, German, and Malay, indicating a broad targeting strategy. In addition, the VBScript samples contain extensive comments and metadata intended to mimic legitimate Microsoft Windows Update components,” it said.

What to do if you get suspicious texts?

To protect against the ongoing WhatsApp malware and similar threats, users have been advised not to open attachments that were not expected from anyone, including files claiming to be invoices, payment receipts, account statements, or financial documents.

CERT-In has advised users to contact the sender through a phone call or separate message to confirm they intentionally sent the file, and if the sender’s message seems unusual or out of character, to treat it as suspicious.

It has also advised users not to click on links from unknown or unexpected messages and to verify shortened or unfamiliar URLs before opening them.

A successful malware attack can allow cybercriminals to remotely access the device, steal credentials to carry out fraudulent activities, deploy additional malware, infect the network to which the user is connected, and disrupt business, resulting in financial losses, it added.

Published on June 28, 2026