Home / Technology / WhatsApp Scammers Send Malicious Docs

WhatsApp Scammers Send Malicious Docs

23 Jun

•

Summary

Malicious VBScript files disguised as documents are sent via WhatsApp.
Running these files installs security software for remote access.
The campaign has victims in multiple countries worldwide.

A widespread phishing campaign is targeting WhatsApp users by sending malicious VBScript files masquerading as business or financial documents. Security researchers have noted that these files, once executed on Windows systems, deploy scripts that disable User Account Control protections and install ManageEngine's Endpoint Central. This legitimate unified endpoint management platform is exploited to grant attackers remote system access.

The campaign's global reach is attributed in part to localized filenames, which have fooled users in countries such as Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia. While researchers have confirmed the distribution method via compromised WhatsApp accounts, the initial method of breaching these accounts is still under investigation.

Users who download the files via WhatsApp Web must first download them, whereas the desktop client allows direct execution through Windows Script Host. This ongoing threat highlights the need for vigilance against suspicious document-sharing, even from known contacts.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.