An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.

The threat actor is using file names that indicate business and financial documents delivered by the victim’s contacts, whose accounts had been compromised.

By downloading and executing the malicious attachments, the recipient starts an infection chain that leads to installing the legitimate ManageEngine Endpoint Central, which is used by IT administrators to manage systems from a centralized dashboard.

Telemetry data from cybersecurity company Kaspersky shows that the campaign spreads across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.

Attack chain

Kaspersky reports that the attacks begin with messages sent from compromised accounts that contain nothing but a heavily obfuscated VBS file.

These files are given names that make them appear to be financial reports, billing statements, account notices, and similar documents likely to draw the target’s attention and prompt them to open the file.

The filenames are also localized in multiple languages, further confirming the campaign’s global reach.

[Image: Samples of the malicious messages. Source: Kaspersky]

“Based on evidence collected from multiple victims through social media reports and submitted samples, we can conclude