Science & Technology

CERT-In Warns of Large-Scale Malware Campaign Targeting WhatsApp Web and Desktop Users

By TestNeeti Editorial TeamPublished Sunday, 28 June 2026 2 min readSource: The Hindu BusinessLineArticle 6 of 6

India's national cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In) — under the Ministry of Electronics and Information Technology (MeitY) — warned that a large-scale malware distribution campaign is targeting WhatsApp Web and Desktop users, in an advisory note dated 25 June 2026 and widely reported on 28 June 2026. According to CERT-In, the campaign spreads malicious Visual Basic Script (VBScript) files through direct messages on the platform; if opened, these can give attackers unauthorised access to devices and compromise sensitive data. The agency urged users not to open attachments they were not expecting, even when the file appears to come from a known friend, colleague or family member, because compromised contacts can be used to spread the malware.

Key Facts & Details

9 points

1
CERT-In warned of a large-scale malware campaign targeting WhatsApp Web and Desktop users.
2
The malware spreads via malicious VBScript (Visual Basic Script) files sent as attachments in direct messages.
3
Opening the files can give criminals unauthorised access to devices and compromise sensitive data.
4
CERT-In advised users not to open unexpected attachments, even from known contacts.
5
CERT-In operates under the Ministry of Electronics and Information Technology (MeitY).
6
The advisory note was dated 25 June 2026 and widely reported on 28 June 2026.

Deep Dive

+
Compromised accounts can be weaponised to forward the malicious files to a victim's contacts, accelerating the campaign's spread.
+
VBScript is a scripting language that can execute commands on Windows systems, making such attachments especially dangerous on desktops.
+
CERT-In is India's nodal agency for responding to cybersecurity incidents and issuing such public advisories.

Exam Focus

Which Indian agency issued the June 2026 advisory on malware targeting WhatsApp Web/Desktop, and under which ministry does it function?

Exam Relevance & Angle

Cybersecurity awareness and the role of CERT-In are recurring topics in banking and SSC general-awareness sections, especially given the financial-fraud angle. Questions commonly test CERT-In's parent ministry (MeitY), its mandate, and the nature of advisories — making this a directly testable, current item.

Target Exams

SBI POSBI ClerkIBPS POIBPS ClerkIBPS RRB OfficerIBPS RRB AssistantRBI Grade BRBI AssistantNABARD Grade ASSC CGLSSC CHSLRRB NTPCLIC AAOUPSC CSEState PCS

Background & Context

The Indian Computer Emergency Response Team (CERT-In) is India's national nodal agency for responding to computer-security incidents, operating under the Ministry of Electronics and Information Technology (MeitY). Established and empowered under the Information Technology Act, 2000 (Section 70B), it issues alerts and advisories, coordinates incident response, and tracks cyber threats across the country. VBScript (Visual Basic Script) is a lightweight scripting language that can run automated commands on Windows machines; attackers disguise malicious scripts as ordinary attachments so that opening them silently installs malware. Messaging-platform-based 'social engineering' — abusing trust in known contacts — is a common vector for such large-scale crimeware campaigns.