The Cyber Security Authority has issued a public alert warning of a new malware campaign targeting WhatsApp Web users on Windows computers, with the potential to compromise banking and other sensitive financial information.

The Authority said the attack is aimed at spreading a banking malware known as Astaroth, which exploits the trust and widespread use of WhatsApp to deceive users into downloading malicious files, exposing individuals and organisations to serious financial risks.

In a statement released on its official Facebook page, the Cyber Security Authority explained that the malware takes advantage of the popularity of WhatsApp to lure victims into opening harmful files.

“The malware takes advantage of the popularity and trust people place in WhatsApp to trick users into downloading malicious files. Once installed, it is capable of stealing banking details, login credentials, and other sensitive data, putting both individuals and organisations at serious financial risk,” the statement said.

According to the Authority, the attack usually begins when victims receive malicious ZIP files through WhatsApp messages. These files are often disguised as legitimate documents or shared content, encouraging users to download and open them. Once the ZIP file is extracted and executed on a Windows device, the Astaroth malware is installed.

The Authority noted that after installation, the malware secretly connects to WhatsApp Web, retrieves the victim’s contact list and automatically sends similar malicious messages to all contacts, enabling the malware to spread without the user’s knowledge.

It added that the malware operates in the background to harvest sensitive information, including banking login credentials, one-time passwords (OTPs), browser cookies and keystrokes. This stolen data can then be used to gain unauthorised access to financial accounts, commit fraud and support other criminal activities.

As part of its recommendations, the Cyber Security Authority urged users to be cautious when downloading or opening ZIP files or unexpected attachments received via WhatsApp, even if they appear to come from known contacts. It cautioned that files requesting urgent action or downloads are common social engineering tactics used by cybercriminals.

Users were also advised to regularly check active WhatsApp Web sessions and log out of any unfamiliar ones, avoid leaving WhatsApp Web signed in on shared or public computers, and keep Windows operating systems and installed applications updated with the latest security patches. The Authority further encouraged the use of reputable and up-to-date endpoint security software capable of detecting and blocking malware.

The Cyber Security Authority advised the public to report cyber incidents to the Cybersecurity/Cybercrime Incident Reporting Point of Contact for assistance by calling or texting 292, sending a WhatsApp message to 0501603111, or emailing report@csa.gov.gh.

The Cyber Security Authority (CSA) reported 194 cases of online fraud between January and March this year, resulting in a total financial loss of around GHS2,404,161.

According to the Authority, malicious actors create fake online shops or impersonate existing businesses on social media pages, offering heavily discounted goods.

They also create fake business listings or profiles with their contact details on Google Maps mimicking legitimate businesses or brands and use search engine optimization techniques to manipulate search results for the targeted brand to divert legitimate inquiries to the scammers' contact members.

After the unsuspecting victims engage and pay (usually to a mobile money wallet) for products, the scammers block them from making further contact, and the expected delivery does not materialize.

Malicious actors send unsolicited emails or messages claiming to be from a romantic partner, or a company offering deals associated with the festive season.

"These messages contain links or attachments that when clicked, install malicious software (malware), or steal personal information," the Cyber Security Authority.

The Authority has therefore cautioned the general public to be aware of unsolicited messages offering exciting or "too good to be true" deals.

"Use a reputable online marketplace or retailer when purchasing items or gifts. Consider reviews and customer feedback before making an online purchase. Search engines can be manipulated to show misleading results. Check on the official website or with reliable sources to validate the contact details of the shop you are searching for.

"Insist on payment only after delivery and inspection and ensure that mobile money payments are made to wallets in the name of the online shop you are dealing with."

The Authority has advised against sharing personal information such as your Ghana card number, credit card information or bank account details with anyone.

They also issued an alert regarding a significant increase in job scam incidents across the country in 2024.

In a public statement, the CSA revealed that it has received at least 15 reports through cybercrime/cybersecurity incident reporting points of contact, with victims losing over GH₵124,000.

The CSA warned citizens to be cautious of unsolicited messages offering job opportunities, as scammers often pose as recruiters to deceive unsuspecting individuals.

Additionally, people are advised to be skeptical of advertisements promising high-paying jobs that require minimal work.

“If it seems too good to be true, it’s likely a scam,” the CSA stated.

The Cyber Security Authority emphasized that poor grammar, spelling mistakes, or unprofessional communication in job advertisements are red flags indicating that the advertisement may not be genuine and should be ignored.

Job-seekers are encouraged to verify job advertisements directly with the company's official website or contact information to ensure their legitimacy.

“Avoid relying solely on communication through email or instant messaging.”

Also, job-seekers have been advised against sharing personal or financial information unless they are certain of the legitimacy of the prospective employer.