Kaspersky Warns of Massive WhatsApp Malware Campaign Targeting Web Users

As part of the newly uncovered malware campaign, attackers use hijacked WhatsApp accounts to distribute malware disguised as documents

by Abubakar Mohammed

Summary

  • Kaspersky has discovered a WhatsApp malware campaign that's spreading malicious VBScript attachments disguised as regular documents.
  • The attachments are being sent from hijacked accounts to the victim's contacts, where trust is already established.
  • Kaspersky says opening these attachments leads to the installation of remote monitoring software, giving threat actors access to all the files.

WhatsApp is one of the most widely used messaging platforms in the world, making it an attractive target for cybercriminals. Now, security researchers at Kaspersky have uncovered a large-scale malware campaign targeting WhatsApp Web and Desktop users. The attackers are hijacking legitimate accounts to spread malicious files to the victim's contacts. 

Malware Campaign Targets WhatsApp Web and Desktop Users

According to Kaspersky's Global Research and Analysis Team (GReAT), attackers are targeting WhatsApp Web and Desktop users and using their hijacked accounts to distribute malicious VBScript (.vbs) attachments to the victim's existing contacts. Since the messages come from trusted contacts, recipients are more likely to open the files and unknowingly infect their devices.

Kaspersky WhatsApp malicious campaign examples
Image Credit: Kaspersky

The malicious files are carefully named to resemble routine financial and business documents, including invoices, debt notices, payment records and bank statements. Additionally, the file names are localised into English, Malay, French and other languages to support broad distribution across Europe and Asia, especially in areas where WhatsApp is widely used. The VBScript files are also filled with comments and metadata designed to mimic authentic Microsoft Windows Update components.

Once a victim opens the attachment, the script creates a dedicated folder on the system drive. Then, it uses Windows Script Host to download and execute additional malicious scripts from remote servers. 

The infection chain eventually installs remote monitoring and management software, giving attackers full remote access to the compromised computer. Fareed Radzi, security researcher at Kaspersky, explains:

The file names are carefully disguised as routine business documents, such as invoices and payment notices, and localised across multiple languages to support broad targeting. Once opened, they trigger a staged infection chain that silently retrieves and executes additional malicious components from external infrastructure.

Fareed Radzi, Researcher at Kaspersky

According to Kaspersky, the highest number of victims has been observed in Malaysia, followed by Brazil, Singapore, Taiwan and Vietnam.

To stay protected against this malware campaign, Kaspersky researchers recommend exercising caution with any unexpected attachments received over WhatsApp. Users should avoid opening file types like .vbs, .vbe, .exe, etc. While the campaign could be severely damaging, it's pretty easy to ward off by being aware of the files you receive.
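
The advice above can also be applied mechanically wherever received files are inspected. The following is an added example, not code from Kaspersky or the original article: it flags attachment names whose real extension is a script or executable type, including the .vbs, .vbe and .exe types named above. The extra extensions, the decoy list, the function name and the sample names are assumptions made for illustration.

```python
import unicodedata

# Extensions the article names (.vbs, .vbe, .exe) plus other Windows Script Host
# types added here as an assumption (.js, .jse, .wsf, .wsh).
RISKY_EXTS = {".vbs", ".vbe", ".exe", ".js", ".jse", ".wsf", ".wsh"}
# Document types a lure may imitate (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
# Bidirectional control characters that can visually reorder a file name.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def triage_attachment(name):
    """Return (verdict, reasons) for one received attachment file name."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi control character in name")
    # Drop invisible format characters, then the trailing dots and spaces
    # that Windows ignores when resolving the real extension.
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    cleaned = cleaned.rstrip(". ").lower()
    parts = cleaned.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""
    if ext in RISKY_EXTS:
        reasons.append("script or executable extension " + ext)
        if inner in DECOY_EXTS:
            reasons.append("document extension " + inner + " used as decoy")
    if not reasons:
        return "allow", reasons
    return "block", reasons


# Constructed sample names, not taken from the campaign.
SAMPLES = [
    "Invoice_2024.pdf",
    "Invoice_2024.vbs",
    "Bank Statement.PDF.VBS",
    "payment_record.vbe. ",
    "debt_notice\u202efdp.vbs",
    "holiday.jpg",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, why = triage_attachment(sample)
        print(f"{verdict:5} {sample!r}: {'; '.join(why) or 'no script extension'}")
```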
