How is malware distributed via WhatsApp*?

Attackers send phishing messages with attached VBScript files disguised as business documents. Opening the file executes malicious code, granting remote system access.

What protective measures can prevent such attacks?

Avoid opening suspicious attachments, even if they appear to come from known contacts. Use antivirus software, keep systems updated, and verify file extensions before execution.

What are the potential consequences of such an attack?

The attack may lead to confidential data theft, spyware installation, or device hijacking for botnet use. In corporate environments, it risks leaking sensitive business information.

← All news

Security

WhatsApp* Phishing Attack Disguised as Business Documents

June 23, 2026

Photo: BleepingComputer

Quick answer

Cybercriminals leverage WhatsApp* phishing messages with fake business documents to distribute VBScript files, enabling remote access to victims' computers.

Cybercriminals have launched a large-scale phishing campaign targeting WhatsApp* users. The attack spreads through messages with attachments mimicking legitimate business documents, such as invoices, contracts, or notifications.

Attached files use the VBScript extension and, when executed, run malicious code. This grants attackers remote control over infected computers. Experts note that the attack affects both individuals and corporate employees, increasing risks of corporate data leaks.

Cybersecurity specialists advise caution when handling messenger attachments, especially if messages appear unexpected or suspicious. It is crucial to verify file extensions and use modern protection tools, such as antiviruses and sandboxes for analyzing suspicious objects.

The attack is ongoing in multiple countries, with potential for expansion. Users are advised to update software and stay informed about new threats in cybersecurity.

* Facebook, Instagram, WhatsApp, and other Meta services belong to Meta Platforms Inc., whose activities are recognized as extremist and banned in the Russian Federation.

Common questions

How is malware distributed via WhatsApp*?: Attackers send phishing messages with attached VBScript files disguised as business documents. Opening the file executes malicious code, granting remote system access.
What protective measures can prevent such attacks?: Avoid opening suspicious attachments, even if they appear to come from known contacts. Use antivirus software, keep systems updated, and verify file extensions before execution.
What are the potential consequences of such an attack?: The attack may lead to confidential data theft, spyware installation, or device hijacking for botnet use. In corporate environments, it risks leaking sensitive business information.

Dzen feed: /feed/dzen.xml · RSS: /feed.xml