    WhatsApp phishing attack uses fake business docs to hack PCs

    By admin, June 22, 2026

    An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.

    The threat actor gives the files names that suggest business and financial documents and sends them from the compromised accounts of the victim’s own contacts.

    By downloading and executing the malicious attachments, the recipient starts an infection chain that leads to installing the legitimate ManageEngine Endpoint Central, which is used by IT administrators to manage systems from a centralized dashboard.


    Telemetry data from cybersecurity company Kaspersky shows that the campaign spreads across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.

    Attack chain

    Kaspersky reports that the attacks begin with messages sent from compromised accounts that contain nothing but a heavily obfuscated VBS file.

    These files are given names that make them appear to be financial reports, billing statements, account notices, and similar documents likely to draw the target’s attention and prompt them to open the file.

    The filenames are also localized in multiple languages, further confirming the campaign’s global reach.

    Figure: Samples of the malicious messages (Source: Kaspersky)

    “Based on evidence collected from multiple victims through social media reports and submitted samples, we can conclude that the threat actor had gained access to several WhatsApp accounts and used them to distribute the malicious VBScript files to contacts on the compromised users’ contact lists,” Kaspersky explains.

    “At the time of writing, the exact method used to compromise these WhatsApp accounts remains unknown.”

    If the victim downloads and opens the file on Windows, the VBScript fetches two additional scripts from the attacker’s infrastructure, which, in turn, disable UAC protections through Registry modifications and download a ZIP archive containing the ManageEngine Endpoint Central program.

    Figure: Content of the ZIP file (Source: Kaspersky)

    The software is silently installed in the background and configured to connect to attacker-controlled management servers, giving them remote administration access on the victim’s computer.

    Kaspersky notes that when the initial VBScript file is delivered via WhatsApp Web, it must be downloaded, but when opened in the WhatsApp Desktop client, it can be executed directly via Windows Script Host (wscript.exe).
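A detection sketch for the two host-side stages described above: a script host started by WhatsApp with a VBScript argument, followed by a change to UAC policy in the Registry. This is an added example, not code from Kaspersky or the article. The event field names, host names and paths are constructed, and the UAC value names are an assumption because the article does not say which values the scripts modify.

```python
import re

# Standard UAC policy values under HKLM\...\Policies\System (assumption: the
# article does not name which values the attacker's scripts modify).
UAC_KEY = r"\software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "promptonsecuredesktop"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_ARG = re.compile(r"\.(vbs|vbe)\b", re.I)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the attack-chain stage an event matches, or None."""
    if event["type"] == "process":
        if (basename(event["image"]) in SCRIPT_HOSTS
                and SCRIPT_ARG.search(event["cmdline"])
                and "whatsapp" in event["parent"].lower()):
            return "script_from_whatsapp"
    elif event["type"] == "registry":
        key, _, value = event["target"].lower().rpartition("\\")
        if key.endswith(UAC_KEY) and value in UAC_VALUES:
            return "uac_policy_change"
    return None

def triage(events):
    """Group matched stages per host; both stages on one host is high severity."""
    stages = {}
    for ev in events:
        stage = classify(ev)
        if stage:
            stages.setdefault(ev["host"], set()).add(stage)
    return {h: ("high" if len(s) == 2 else "medium") for h, s in stages.items()}

# Constructed sample events in a simplified Sysmon-like shape (not real telemetry).
WA = r"C:\Program Files\WindowsApps\WhatsApp\WhatsApp.exe"
POL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
EVENTS = [
    {"host": "PC-01", "type": "process", "parent": WA,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\a\Downloads\Statement.vbs"'},
    {"host": "PC-01", "type": "registry", "target": POL + r"\EnableLUA"},
    {"host": "PC-02", "type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe \\fileserver\netlogon\logon.vbs"},
    {"host": "PC-03", "type": "registry", "target": POL + r"\ConsentPromptBehaviorAdmin"},
]

if __name__ == "__main__":
    print(triage(EVENTS))
```

The logon script on PC-02 is ignored because its parent is not WhatsApp, and the lone policy change on PC-03 stays at medium until a second stage appears on the same host.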

    Figure: Overview of the attack chain (Source: Kaspersky)

    While Kaspersky does not attribute the attacks to a specific threat actor, the researchers found signs of Chinese language use and infrastructure overlap with IPs previously associated with ValleyRAT and Gh0st RAT activity.

    However, the evidence is insufficient for high-confidence attribution.

    WhatsApp users are advised to treat files sent by contacts, even trusted ones, with caution and to always verify them through secondary means.

    All downloaded files should be scanned with an up-to-date antivirus before executing them.

