The Cyber Security Authority (CSA) has issued an urgent public alert about a new malware campaign exploiting WhatsApp Web on Windows computers to steal banking and personal information.
The malware, identified as Astaroth, spreads through malicious ZIP files sent via WhatsApp messages. Cybercriminals often disguise these files as legitimate documents, tricking users into downloading and executing them. Once activated, the malware silently connects to WhatsApp Web, harvesting the victim’s contact list and sending infected messages to all contacts, enabling rapid self-propagation.
Astaroth is designed to extract sensitive data, including banking credentials, one-time passwords, browser cookies, and keystrokes, which can be used to gain unauthorised access to financial accounts and commit fraud. Experts warn that the campaign illustrates the evolving tactics of cybercriminals leveraging trusted everyday tools for financial crimes.
The CSA advises Windows users to exercise caution when opening unexpected attachments, even from known contacts, and to be wary of messages demanding urgent action. Users should regularly check active WhatsApp Web sessions, log out of unfamiliar devices, update their operating systems, and use reliable endpoint security software.
The authority has established a 24-hour reporting point for cyber incidents and guidance: Call or text 292, WhatsApp 0501603111, or email report@csa.gov.gh
.
As Ghana becomes increasingly digital, authorities emphasise vigilance, noting that protecting personal and financial data is critical to preventing cybercrime.