India's Computer Emergency Response Team (Cert-In) has issued a warning about a large-scale malware distribution campaign targeting WhatsApp Web and desktop users. The campaign uses compromised WhatsApp accounts to send malicious VBScript (.vbs) attachments, which can lead to device compromise, credential theft, and financial losses.
Campaign Details and Attack Vector
According to a Cert-In note released on June 25, 2026, the campaign distributes malicious Visual Basic Script files through direct messages on WhatsApp. The advisory is based on findings from cybersecurity firms Kaspersky and Securelist. Attackers exploit previously compromised WhatsApp accounts to send these attachments to existing contacts, making the messages appear legitimate and increasing the likelihood of successful compromise.
"It has been observed that a large-scale malware distribution campaign is targeting WhatsApp Desktop and WhatsApp Web users. The campaign distributes malicious Visual Basic Script (VBScript) files through direct messages on the platform," Cert-In stated.
Risks and Impact
Successful execution of the malware can grant cybercriminals remote access to the victim's device, enabling them to steal credentials, carry out fraudulent activities, deploy additional malware, infect the network, and disrupt business operations, potentially causing financial losses.
Cert-In emphasized that users should not open attachments they were not expecting, even if they come from a trusted contact. The agency advises verifying the authenticity of the file by calling or messaging the sender directly. "If the sender's message seems unusual or out of character, treat it as suspicious," Cert-In added.
Broader Cybersecurity Context
This warning follows Cert-In's June 10 announcement of enhanced security compliance requirements for original equipment manufacturers (OEMs), including mobile phone and computer makers, in response to an increase in AI-based cyberattacks. The move aims to strengthen device security and protect users from evolving threats.
