WhatsApp phishing attack uses fake business docs to hack PCs

Summary
– An ongoing malware campaign targets WhatsApp users across multiple countries using deceptive messages.
– The messages push VBScript files to victims.
– Opening these files leads to remote system access by attackers.
A widespread phishing campaign is actively targeting WhatsApp users across several nations, deploying malicious messages that trick recipients into downloading VBScript files. Once executed, these files provide attackers with remote access to compromised systems.
This ongoing operation relies on social engineering tactics, with the messages often masquerading as official business communications. The attackers craft convincing prompts, such as urgent notices about account verification or document requests, to lure victims into opening the attached or linked files. The payload is a VBScript that, when run, establishes a backdoor on the victim’s machine.
The campaign’s reach spans multiple countries, suggesting a coordinated effort. Security researchers have observed that the attackers are exploiting trust in legitimate business workflows, making the deceptive messages appear authentic. The infection chain is straightforward: the user receives a WhatsApp message, clicks on the malicious link or file, and inadvertently grants the attacker persistent remote control over their PC.
This technique highlights a broader trend in cybercrime, where attackers bypass traditional email security by moving to popular messaging platforms. The use of VBScript is particularly notable, as it allows the malware to execute without requiring elevated permissions. Once inside, the attacker can steal data, deploy additional malware, or use the compromised device for further attacks.
To defend against this threat, users should exercise caution with unexpected messages, even from known contacts, and avoid opening any files or links that request immediate action. Organizations should also educate employees about the risks of messaging-based phishing and ensure their security software can detect VBScript-based threats. This campaign serves as a reminder that cybercriminals continuously adapt their methods to exploit the platforms people trust most.
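As an added illustration of the detection advice above (not code from the article or from BleepingComputer), the following sketch triages process-creation events for Windows Script Host running a VBScript file. The event field names, the folder hints, the `WhatsApp.exe` parent image name and the sample events are all assumptions constructed for this example.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries
SCRIPT_EXTS = (".vbs", ".vbe")
# Assumption: folders where a chat-delivered file typically lands.
USER_DROP_HINTS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\whatsapp")
# Assumption: image name of the WhatsApp desktop client.
CHAT_PARENTS = {"whatsapp.exe"}

# Constructed sample process-creation events (not taken from the campaign).
EVENTS = [
    {"image": r"C:\Windows\System32\wscript.exe", "parent": r"C:\Users\ana\AppData\Local\WhatsApp\WhatsApp.exe",
     "cmd": r'"C:\Windows\System32\wscript.exe" "C:\Users\ana\Downloads\Invoice 2024.vbs"'},
    {"image": r"C:\Windows\System32\cscript.exe", "parent": r"C:\Windows\System32\svchost.exe",
     "cmd": r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dli"},
    {"image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe",
     "cmd": r"notepad.exe C:\Users\ana\Downloads\notes.vbs"},
]

def script_args(command_line):
    """Return the VBScript paths in a command line, keeping quoted paths whole."""
    out, token, in_quotes = [], "", False
    for ch in command_line + " ":
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == " " and not in_quotes:
            if token.lower().endswith(SCRIPT_EXTS):
                out.append(token)
            token = ""
        else:
            token += ch
    return out

def triage(event):
    """Return None for unrelated events, else the scripts run and why they matter."""
    if ntpath.basename(event["image"]).lower() not in SCRIPT_HOSTS:
        return None  # a .vbs opened in an editor is not execution
    scripts = script_args(event["cmd"])
    if not scripts:
        return None
    reasons = []
    if ntpath.basename(event["parent"]).lower() in CHAT_PARENTS:
        reasons.append("script host launched by chat client")
    if any(hint in s.lower() for s in scripts for hint in USER_DROP_HINTS):
        reasons.append("script located in user-writable drop folder")
    return {"scripts": scripts, "reasons": reasons, "severity": "high" if reasons else "review"}

if __name__ == "__main__":
    for ev in EVENTS:
        print(triage(ev))
```

Script-host executions with no matching reason are returned as `review` rather than dropped, since legitimate administrative VBScript still runs on many Windows systems.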
(Source: BleepingComputer)



