WhatsApp Web Turns Trojan: CSA Flags Scam Draining Bank, MoMo Wallets

The Cyber Security Authority (CSA) is investigating a threatening cyber attack in which, according to the Authority, criminals are using WhatsApp Web to steal sensitive data, such as banking details and mobile money verification codes.

According to the CSA, the attack mostly targets Windows computer users through malicious ZIP files that look like legitimate documents.

The software used in the attack has been identified as Astaroth, a high-end information-stealing virus.

The Authority, in a release signed by GhanaWeb Business, clarified that attackers send victims ZIP files through WhatsApp, in most cases presented as work documents, invoices or shared files.

Once downloaded and extracted on a Windows machine, Astaroth installs itself silently.

It then connects to WhatsApp Web, retrieves the victim’s address book, and automatically sends malicious files to all contacts, spreading quickly without the victim’s knowledge.

This occurs in the background as the malware gathers vital information.

It intercepts banking logins, one-time passwords (OTPs) and browser cookies, and even logs keystrokes.

Other criminals can then use these stolen details to gain unauthorised access to bank accounts, steal mobile money wallets and commit fraudulent transactions.

“In the background, the malware is performing massive data-harvesting activities. They are stealing banking logins, one-time passwords (OTPs), cookies in browsers and capturing keystrokes. Information stolen may also be exploited by the criminals to gain unauthorised access to bank accounts, steal mobile money wallets and engage in fraudulent transactions,” part of the release stated.

The CSA has advised citizens to be cautious when opening files sent to them via messaging services, even when the files appear to come from trusted persons.

It also recommends that users avoid downloading or opening suspicious attachments, keep their devices up to date with the latest security patches and antivirus programs, and report unusual activity in their accounts promptly.