Hackers are 'using your friends’ WhatsApp accounts' to take over your computer: Report
Cybercriminals are launching a massive global malware campaign by hijacking WhatsApp accounts to break into users’ computers. According to a report by Kaspersky’s Global Research and Analysis Team (GReAT), a sophisticated campaign is targeting users of WhatsApp Desktop and WhatsApp Web. By taking co
By Toi Tech Desk
Cybercriminals are launching a massive global malware campaign by hijacking WhatsApp accounts to break into users’ computers.
According to a report by Kaspersky’s Global Research and Analysis Team (GReAT), a sophisticated campaign is targeting users of WhatsApp Desktop and WhatsApp Web.
By taking control of standard administrative capabilities on victims’ computers, the hackers can gain complete remote access to the compromised machines.The hacking campaign is a clever social engineering cyber attack as hackers – instead of using random, suspicious phone numbers – send direct messages from WhatsApp accounts they have already broken into.
This is due to the fact that since the messages come from a trusted contact, recipients are far more likely to download the attached files quickly.To make the trap even more convincing, the malicious files are disguised as routine business documents that people handle every day, such as:InvoicesBank and account statementsPayment records and debt noticesTo trick the computer's built-in defenses, the malicious code even contains hidden text and metadata designed to mimic legitimate Microsoft Windows Update components, Kaspersky’s report pointed out.“Attackers are exploiting trust within messaging platforms.
The file names are carefully disguised as routine business documents... and localized across multiple languages to support broad targeting.
Once opened, they trigger a staged infection chain that silently retrieves and executes additional malicious components,” explained Fareed Radzi, a security researcher at Kaspersky GReAT.
Users of these countries are at riskThe campaign has an international footprint, with localised file names written in English, Portuguese, French, German and Malay.
While it has heavily hit European language regions, a significant wave of victims has already been identified across Asia and South America.
Affected areas include Brazil, Singapore, Taiwan, and Vietnam, with the highest number of overall infections observed in Malaysia.How the WhatsApp desktop and WhatsApp web hacking attack works If a user clicks on the malicious file, it kicks off a silent, multi-stage infection process inside their computer.
First, the file launches a hidden script that builds a secret working folder deep within the computer’s public documents.Then, the malware connects to an external server run by the hackers to pull down additional malicious files.
Finally, it installs a commercial Remote Monitoring and Management (RMM) software package or tools which the hackers use them to spy on and completely control the victim’s system.How to protect yourself Security experts urge WhatsApp users to stay vigilant and follow these immediate safety guidelines.Be cautious of any unexpected attachments sent over WhatsApp, even if they look like they are coming from a close friend or trusted business partner.
Never open files that end in script or executable formats, such as .vbs, .vbe, .exe, .bat, or .js unless you are absolutely certain they are safe.Get the latest technology news and updates.
Download the TOI App.