The Cyber Security Authority (CSA) has uncovered a dangerous cyber attack scheme in which criminals abuse WhatsApp Web to steal banking details and one-time passwords (OTPs), including mobile money verification codes, from unsuspecting users in Ghana.
According to the CSA, the attack initially targets Windows computer users through malicious ZIP files sent in WhatsApp messages and disguised as genuine documents. The spyware involved in the operation has been identified as Astaroth, an advanced information-stealing malware.
The CSA says the threat actors' first step is to send victims ZIP files on WhatsApp, sometimes under a convincing pretext such as shared documents, statements or work papers. Once the file has been downloaded and extracted, the Astaroth malware installs itself silently on the Windows system.
Once installed, the spyware silently downloads the victim's contact list and hooks into WhatsApp Web, automatically sending the same malicious messages to every one of the victim's contacts. This lets the malware spread rapidly without the victim's awareness.

In the background, the spyware collects extensive data. This includes capturing keystrokes and stealing one-time passwords (OTPs), browser cookies and banking logins. Criminals can then use the stolen data to break into bank accounts, carry out illegal transactions and compromise mobile money wallets.
The Cyber Security Authority advises the general public to be vigilant when accessing documents they get via messaging services, even if the sender seems to be someone they know.
Users are advised to report any unusual activity on their accounts right away and to keep their devices up to date with the most recent antivirus software and security updates. They should also avoid downloading or opening questionable attachments.
Those infected by the spyware can reach CSA engineers for help through the following channels:
- Email: report@csa.gov.gh
- Call: 292
- SMS: 292
- WhatsApp: 0501603111
- Mobile App: CSA GHANA

