Cybersecurity researchers have warned of a large-scale malware campaign actively exploiting popular messaging platforms, with WhatsApp at the centre of the operation.
According to researchers, attackers are using compromised WhatsApp accounts to send automated messages containing malicious links or files. Once a user clicks an attachment, malware installs on the system, often before antivirus software can respond.
Security firms report that the malware usually appears as an ordinary document or file. After activation, it deploys multiple loaders on Windows systems and relies on PowerShell and other scripting tools to bypass detection. The malicious code remains hidden within encrypted strings and delays execution until it has evaluated the system environment.
⚠️ Astaroth banking malware is now using WhatsApp as its main delivery channel in Brazil.
Researchers report a new Python-based module that steals a victim’s contact list and auto-sends malicious ZIP files, spreading the infection chat to chat.
🔗 How the campaign works and…
— The Hacker News (@TheHackersNews) January 8, 2026
Once active, the malware establishes persistence by creating scheduled tasks or modifying registry entries. It then focuses on stealing sensitive data, including banking credentials. Investigators say the campaign has been running since at least September 24, 2025, and uses ZIP files, PowerShell scripts, and Python-based tools to exfiltrate stolen information.
Cybersecurity experts have urged users to avoid clicking on unknown links or files, even when messages appear to come from trusted contacts. They also recommend strong passwords and two-factor authentication to secure WhatsApp accounts.
🛡️ WhatsApp Vulnerabilities Leak Users’ Metadata Including Device’s Operating System Details
Source: https://t.co/o3Oyxxfu0A
WhatsApp's multi-device encryption protocol has long leaked metadata, allowing attackers to fingerprint users' device operating systems, aiding targeted…
— Cyber Security News (@The_Cyber_News) January 6, 2026
Authorities describe the campaign as highly dangerous and stress the need for stronger online security habits. The incident highlights the growing sophistication of cyber threats targeting everyday communication platforms, making vigilance and proactive protection more important than ever.