WhatsApp phishing scam hides malware in fake business docs
A fresh wave of phishing attacks is exploiting WhatsApp to slip malware onto unsuspecting users’ computers. Victims receive messages that look like legitimate business documents, but opening the attached file unleashes a VBScript payload capable of handing remote control to attackers.
How the deception works
The campaign starts with a WhatsApp message that appears to come from a business contact. Inside is an attachment named to resemble an urgent invoice, contract, or similar document. When the user runs the file, Windows executes a hidden VBScript that downloads additional malware and grants the attacker remote access to the infected machine. Security researchers note that the messages are currently targeting users in multiple countries, suggesting a coordinated effort.
Why this attack stands out
Unlike many phishing attempts that rely on user interaction or outdated software, this one uses WhatsApp—a platform trusted by billions—as its delivery route. The fake documents are crafted to look professional, increasing the chance that recipients will open them without suspicion. Once the VBScript runs, the malware can move laterally across networks, steal data, or install further malicious tools.
What to watch for and how to stay safe
WhatsApp users should treat unexpected attachments with caution, even if they seem to come from known contacts. Enabling multi-factor authentication, keeping software updated, and verifying file extensions before opening them can reduce risk. Organizations may also consider deploying endpoint protection that detects anomalous script execution.
Source: BleepingComputer. AI-assisted editorial synthesis — TechnoExpress.