Ghana’s Cyber Security Authority (CSA) has uncovered a sophisticated cyber scam targeting bank and mobile money users through WhatsApp Web. The attack, which mainly affects Windows computer users, involves criminals sending malicious ZIP files disguised as legitimate documents such as invoices or work files.
According to the CSA, once victims download and extract the files, a malware known as Astaroth is secretly installed. The virus then connects to WhatsApp Web, harvests contacts, and automatically spreads the malicious files to others, enabling rapid and silent transmission.
In the background, the malware steals sensitive information including banking login credentials, one-time passwords (OTPs), mobile money verification codes, browser cookies, and keystrokes, allowing criminals to access accounts and carry out fraudulent transactions.
The CSA has urged the public to be cautious when opening attachments on messaging platforms, even from trusted contacts, and to keep devices updated with security patches and antivirus software. Victims or suspected cases are encouraged to report to the CSA via report@csa.gov.gh, the 292 hotline, WhatsApp 0501603111, or the CSA Ghana mobile app.