If you use WhatsApp Desktop or WhatsApp Web, you need to exercise extra caution. Cybersecurity firm Kaspersky has revealed a new malware campaign in which hackers are attempting to infect users' computers by sending fake business documents via WhatsApp.
According to the report, cybercriminals are using previously compromised WhatsApp accounts. Consequently, the message appears to come from a known or trusted contact rather than a stranger, making users more likely to trust it.
**Malware disguised as business files**
According to Kaspersky's Global Research and Analysis Team (GReAT), attackers are using filenames that look exactly like genuine business documents. These include names such as Invoice, Bank Statement, Account Statement, and Debt Notice.
In reality, these files are in VBScript format. As soon as a user opens one, a script activates within the system, downloading additional malware from the internet and running it silently.
**Cases detected in multiple countries**
Kaspersky's investigation has found this malware campaign affecting several countries. The highest number of infected users was found in Malaysia. Additionally, such attacks have been identified in Brazil, Singapore, Taiwan, Vietnam, and parts of Europe.
The report notes that filenames are being created not only in English but also in Portuguese, French, German, and Malay to target the widest possible audience.
**What happens when the file is opened?**
Once the user opens the file, it creates a new working folder on the Windows system, downloads further scripts from an external server, and executes them using the Windows Script Host. Subsequently, the malware attempts to grant the attackers remote access to the computer. This access can be exploited to control the system, steal data, or cause other forms of damage.
**How to stay safe?**
Kaspersky advises against opening any WhatsApp attachment without first verifying it, even if it comes from someone you know. Exercise particular caution with script or executable files—such as .vbs, .vbe, .exe, .bat, .cmd, .js, and .ps1—and open them only if their authenticity is fully confirmed.
Additionally, it is essential to use reliable security software on both computers and mobile devices. If you receive a suspicious file from an acquaintance, be sure to verify it through another communication channel before opening it.
Why is this attack dangerous?
The biggest challenge posed by this malware campaign is that it utilizes compromised WhatsApp accounts. Consequently, the message appears to come from a trusted contact, leading users to open the file without a second thought. A little caution in such situations can protect you from major cyberattacks and data theft.
Disclaimer: This content has been sourced and edited from News18 Hindi. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.
-
Celebrity parents turn Hong Kong kindergarten graduation into star-studded event
-
Netflix confirms ‘Enola Holmes 3’ premiere date with new Millie Bobby Brown and Louis Partridge photo
-
Have kitchen glass containers become sticky? With these 5 easy steps, your shine will return like new in minutes…
-
Luckiest Day Of The Week For Each Zodiac Sign From June 29 – July 5, 2026
-
World’s second best airport begins remote baggage screening on flights to Los Angeles and Seattle
