In a recent public alert, the Cyber Security Authority (CSA) of Ghana has warned Windows users of a sophisticated banking malware campaign targeting them through WhatsApp Web.

The malware, known as Astaroth, has been identified as a significant threat to both individuals and organisations, potentially leading to severe financial losses.

The CSA has detailed the modus operandi of the attackers, revealing that they initiate their campaign by sending malicious ZIP files to victims via WhatsApp messages.

These files are often disguised as legitimate documents or shared under convincing pretexts, encouraging users to download and open them.

Once the ZIP file is extracted and executed on a Windows device, the Astaroth malware is installed.

After installation, the malware silently connects to WhatsApp Web, where it retrieves the victim's contact list and automatically sends similar malicious messages to all contacts, thereby propagating itself without the victim's knowledge.

In the background, the malware conducts extensive data harvesting activities, including the theft of banking login credentials, one-time passwords (OTPs), browser cookies, and keystrokes.

This information can be used to gain unauthorised access to financial accounts, commit fraud, and facilitate further criminal activity.

Cybersecurity/Cybercrime Incident Reporting Point of Contact (PoC) for reporting cybercrimes and seeking guidance and assistance on online activities. Individuals can call or text 292, WhatsApp 0501603111, or email [email protected] to report incidents.