PUBLIC SERVICES COMMISSION, GHANA

Efficiency, Accountability and Integrity

CSA warns of WhatsApp Web scam stealing bank details and OTPs

January 27, 2026

The Cyber Security Authority (CSA) has urged the public to exercise caution after uncovering a dangerous cybercrime scheme in which criminals are exploiting WhatsApp Web to steal banking credentials and one-time passwords (OTPs), including mobile money verification codes, from unsuspecting users in Ghana.

In a statement by CSA on Tuesday, January 27, the attack largely targets Windows computer users through malicious ZIP files circulated via WhatsApp messages and disguised as legitimate documents. The malware used in the operation has been identified as Astaroth, a sophisticated information-stealing virus.

According to CSA , cybercriminals typically send ZIP files to victims under convincing pretexts such as work-related documents, invoices, or shared files. Once a user downloads and extracts the file on a Windows device, the malware is silently installed without triggering suspicion.

After installation, the malware covertly connects to WhatsApp Web, retrieves the victim’s contact list, and automatically sends similar malicious messages to all contacts, enabling the attack to spread rapidly without the user’s knowledge.

In the background, the malware conducts extensive data-harvesting activities, including stealing banking login details, one-time passwords, browser cookies, and recording keystrokes. This information can then be used to gain unauthorised access to bank accounts, compromise mobile money wallets, and carry out fraudulent transactions.

The Cyber Security Authority has therefore urged the public to exercise heightened caution when opening files received through messaging platforms, even if they appear to come from trusted contacts.

Users are advised to avoid downloading or opening suspicious attachments, ensure their devices are updated with the latest security patches and antivirus software, and promptly report any unusual activity on their accounts.

Persons who believe they may have been affected are encouraged to contact the CSA for assistance through the following channels:

Email: report@csa.gov.gh

Call: 292

SMS: 292

WhatsApp: 0501603111

Mobile App: CSA Ghana

Source: citinewsroom.com