Widespread Malware Campaign Targets WhatsApp Users
India's cybersecurity watchdog, the Computer Emergency Response Team (CERT-In), has issued a critical advisory warning of a large-scale malware campaign targeting WhatsApp Web and desktop users. In an advisory released on June 25, 2026, CERT-In stated that threat actors are distributing malicious Visual Basic Script (VBScript or .vbs) files through direct messages on the platform. These files, when opened, can compromise user systems, leading to data theft, unauthorized access, and potential further network infiltration.
How the Attack Works
The advisory details that attackers send messages containing .vbs attachments disguised as legitimate documents, invoices, or images. Unsuspecting users who open these attachments trigger the execution of malicious code, which downloads additional payloads or establishes remote access to the victim's machine. According to CERT-In, the campaign appears to be widespread, affecting users across multiple regions in India and potentially globally.
Impact and Recommendations
CERT-In has urged users to exercise extreme caution when receiving unsolicited messages with attachments, even from known contacts, as accounts may be compromised. The agency recommends not opening any attachments from unknown or untrusted sources, verifying the authenticity of messages through alternative channels, and ensuring that antivirus software is up to date. Additionally, users should enable two-factor authentication for their WhatsApp accounts and regularly backup important data.
Official Response and Statistics
In a statement, CERT-In noted that it has received multiple reports of this malware campaign since early June 2026. While exact numbers of affected users were not disclosed, the advisory describes the scale as "large" and emphasizes the need for immediate preventive measures. The agency is working with WhatsApp parent company Meta to mitigate the threat and track the attackers.
Broader Implications for Cybersecurity
This incident highlights the growing sophistication of social engineering attacks on popular messaging platforms. Cybersecurity experts have long warned about the risks of file-sharing features on apps like WhatsApp. Users are advised to treat any unexpected file with suspicion, as even trusted contacts can unknowingly spread malware. CERT-In continues to monitor the situation and will provide updates as more information becomes available.
