This new WhatsApp Desktop malware can steal your data! Here's how to stay safe

India’s cybersecurity agency, CERT-In (Computer Emergency Response Team), has issued a high-severity warning for users of WhatsApp Desktop, highlighting a critical vulnerability that could allow hackers to steal personal data or take full control of affected systems.

The flaw, identified as CVE-2025-30401, affects WhatsApp Desktop for Windows versions prior to 2.2450.6. According to the advisory, the vulnerability stems from a misconfiguration between MIME types and file extensions, which leads to the improper handling of attachments. This could allow attackers to embed malware within seemingly harmless files, such as images, which execute malicious code when opened manually within WhatsApp.

"A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment," said Meta, WhatsApp’s parent company, in its official security bulletin.

Who is at risk?

This issue specifically targets users who have installed WhatsApp Desktop on Windows PCs. CERT-In warns that successful exploitation could lead to spoofing attacks, unauthorised data access, or full system compromise. With over 400 million active WhatsApp users in India alone, the scale of potential impact is significant.

How to stay protected?

WhatsApp and CERT-In have urged users to take the following steps immediately:

1. Update to the latest WhatsApp Desktop version (2.2450.6 or above) via the Microsoft Store.
2. Avoid opening any suspicious or unknown file attachments received through WhatsApp Desktop.
3. Keep your operating system and antivirus software updated to ensure maximum protection.
4. Refrain from clicking on untrusted links or downloading files from unofficial sources.
5. Only download updates from official platforms like the WhatsApp website or the Microsoft Store.