New WhatsApp phishing campaign allows for remote access from a single
business document
Date:
Tue, 23 Jun 2026 16:35:00 +0000
Description:
WhatsApp users are getting shady documents from their contacts, leading to an infection.
FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Kaspersky warns of a WhatsApp phishing campaign spreading malicious VBScript files disguised as business documents Running them installs ManageEngine Endpoint Central, giving attackers remote access; filenames localized boosted global reach Victims
span Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia; compromise method remains unknown WhatsApp users
beware - there is a phishing campaign ongoing on the platform, seeking to infect your devices with a legitimate, but unsolicited endpoint security platform.
Security researchers Kaspersky recently published a new report detailing a campaign that starts with a compromised WhatsApp account. They could not determine how these accounts got breached but found that they were being used to reach out to the victims contacts and share a VBScript file masquerading
as business or financial documents. People who dont find it strange that
their contacts are suddenly sharing business documents, and end up running them, will get ManageEngines Endpoint Central, a unified endpoint management (UEM) and endpoint security platform built to help IT teams manage a fleet of desktops, laptops, servers, mobile devices, and other endpoints, all from a single console. Latest Videos From Watch full video here: Two scripts, one malware In this case, however, they wouldnt be managing anything - they would just be granting remote system access to the attackers. Kaspersky says that the campaign is rather widespread, with victims located across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.
One of the reasons the campaign was so successful on an international level
is because the filenames are localized in multiple languages, Kaspersky
added. You may like New WhatsApp malware campaign uses renamed Windows tools to evade detection HP warns hackers are turning popular remote access tools into dangerous, stealthy backdoors This devious VENOM phishing campaign targets business executives by name so watch what you click on
Based on evidence collected from multiple victims through social media
reports and submitted samples, we can conclude that the threat actor had gained access to several WhatsApp accounts and used them to distribute the malicious VBScript files to contacts on the compromised users contact lists, Kasperskys researchers said.
At the time of writing, the exact method used to compromise these WhatsApp accounts remains unknown. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features
and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Downloading and running the malicious files on Windows result in the deployment of two scripts that first disable UAC protections and then deploy the UEM. Kaspersky also stressed that when users open WhatsApp on the web, they must first download the files, but when they open the desktop client,
the files can be executed directly via Windows Script Host.
Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons
Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/new-whatsapp-phishing-campaign-allows-f or-remote-access-from-a-single-business-document
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)