The Cyber Security Authority (CSA) has issued a public alert over a dangerous malware campaign that exploits WhatsApp Web to steal banking and login credentials from Windows computer users.
According to the CSA, cybersecurity experts have uncovered a sophisticated banking malware known as Astaroth, which is being spread through malicious ZIP files sent via WhatsApp messages. The campaign targets unsuspecting users by disguising the files as legitimate documents and sharing them under convincing pretexts to encourage downloads.
Once a victim opens and executes the file on a Windows device, the malware installs silently in the background. It then connects to WhatsApp Web, gains access to the victim’s contact list, and automatically sends similar malicious messages to all contacts, enabling the malware to spread rapidly without the user’s knowledge.
The CSA explained that the malware is capable of harvesting sensitive information, including banking login credentials, one-time passwords (OTPs), browser cookies, and keystrokes. This data can be used to gain unauthorised access to financial accounts, commit fraud, and support other criminal activities, posing serious risks to both individuals and organisations.
The authority noted that the campaign highlights the evolving tactics of cybercriminals, who increasingly exploit trusted and widely used digital platforms to carry out financial crimes.
As part of its recommendations, the CSA urged the public to exercise caution when downloading or opening ZIP files and unexpected attachments received via WhatsApp, even if they appear to come from known contacts. Users have also been advised to be wary of messages that demand urgent action or require file downloads, as these are common social engineering techniques.
The CSA further encouraged users to regularly check their active WhatsApp Web sessions and log out of any unfamiliar ones, avoid leaving WhatsApp Web signed in on shared or public computers, and ensure that their Windows systems and applications are updated with the latest security patches. The use of reputable and up-to-date endpoint security software was also strongly recommended.
The Cyber Security Authority reminded the public that it operates a 24-hour Cybersecurity and Cybercrime Incident Reporting Point of Contact for reporting suspected cybercrimes and seeking assistance. Reports can be made by calling or texting 292, via WhatsApp on 0501603111, or by email at report@csa.gov.gh.
The alert was issued on January 27, 2026, as part of the CSA’s ongoing efforts to protect Ghana’s digital space and enhance public awareness of emerging cyber threats.