Cybersecurity researchers have identified an active malware distribution campaign targeting WhatsApp users in multiple countries. The attack uses deceptive messages to deliver VBScript files that, when executed, grant attackers remote access to compromised systems.
The campaign relies on social engineering techniques delivered through WhatsApp's messaging platform. Attackers send messages designed to appear legitimate, convincing recipients to download and open attached VBScript files. Once executed, these scripts establish connections that allow threat actors to control infected systems remotely.
VBScript, a scripting language built into Windows operating systems, provides attackers with significant capabilities once executed. The malicious scripts can download additional payloads, modify system settings, exfiltrate data, and maintain persistent access to compromised machines. This technique bypasses many traditional security controls because VBScript files can execute without requiring additional software installation.
The campaign's multi-country scope indicates a broad targeting strategy rather than attacks focused on specific organizations or sectors. WhatsApp's widespread global adoption makes it an attractive vector for threat actors seeking to reach large numbers of potential victims through a trusted communication platform.
Security teams should educate users about the risks of opening unexpected files received through messaging applications, even from known contacts whose accounts may be compromised. Organizations should implement application whitelisting to prevent unauthorized script execution, ensure endpoint detection and response tools are deployed and current, and consider blocking VBScript execution through Group Policy where business operations permit. Users should verify the legitimacy of unexpected messages through alternative communication channels before opening any attachments.
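One way to hunt for the behaviour described above, as an added example that is not part of the original report: flag Windows Script Host launches of VBScript files from user-writable locations in process-creation logs. The event field names, the directory list and the sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries
# Assumption: user-writable locations where a downloaded attachment usually lands.
USER_DIRS = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")
# Quoted or unquoted path ending in a VBScript extension (.vbs, or encoded .vbe).
SCRIPT_ARG = re.compile(r'"([^"]+\.vb[se])"|(\S+\.vb[se])(?=\s|$)', re.IGNORECASE)


def vbscript_path(command_line):
    """Return the VBScript path named on a command line, or None."""
    m = SCRIPT_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None


def suspicious_script_runs(events):
    """Flag script-host launches of VBScript files from user-writable paths."""
    hits = []
    for ev in events:
        if basename(ev["image"]).lower() not in SCRIPT_HOSTS:
            continue  # not wscript.exe / cscript.exe
        script = vbscript_path(ev["command_line"])
        if script and any(d in script.lower() for d in USER_DIRS):
            hits.append({"host": ev["host"], "user": ev["user"], "script": script,
                         "parent": basename(ev["parent_image"]).lower()})
    return hits


# Constructed sample events (not taken from the campaign), shaped like process-creation logs.
SAMPLE_EVENTS = [
    {"host": "pc-01", "user": "alice", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'"C:\Windows\System32\WScript.exe" "C:\Users\alice\Downloads\Invoice 2024.vbs"'},
    {"host": "pc-02", "user": "svc-admin", "parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\cscript.exe",
     "command_line": r"cscript.exe //nologo C:\Admin\Scripts\inventory.vbs"},
    {"host": "pc-03", "user": "carol", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -File C:\Users\carol\Downloads\setup.ps1"},
    {"host": "pc-04", "user": "bob", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\cscript.exe",
     "command_line": r"cscript.exe //B C:\Users\bob\AppData\Local\Temp\update.vbe"},
]

if __name__ == "__main__":
    for hit in suspicious_script_runs(SAMPLE_EVENTS):
        print(hit)
```

The administrative script on pc-02 is not flagged because it runs from a path outside the user-writable list; tune that list to where attachments are actually saved in your environment.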
Source: https://www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/


