WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

A cyber campaign targeting WhatsApp users is distributing malicious VBScript files through direct messages and using them to install a legitimate remote management tool on victims' systems. According to researchers at Kaspersky, the campaign is active and illustrates how attackers keep exploiting trusted communication platforms and legitimate software to reach their goals. It specifically targets users who access WhatsApp through the desktop client or the web interface, with victims reported across multiple countries including Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, and Australia.

The attack begins when the victim receives a direct message carrying a VBScript file disguised as a document. When the victim opens it, the script installs ManageEngine RMM software, a tool normally used by IT administrators for remote system management. Here the software is deployed without authorization, giving the attackers full control over the compromised system.

What makes the campaign particularly concerning is its abuse of legitimate, signed software. An RMM agent is expected to run on managed endpoints, so its presence does not trigger the defenses that would flag an obviously malicious program; the practical check is whether the agent was installed by the organization's own deployment process or by a script the user ran from a chat download.

For security teams, this attack highlights several critical implications. The use of legitimate RMM tools
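The chain described above (script host launched on a "document" that is really a .vbs, followed shortly by an RMM installer on the same host) can be surfaced from process-creation telemetry. The following is an added example, not code from the article or from Kaspersky's report: it applies two checks to records shaped like Sysmon Event ID 1 (process creation). The events, hostnames, users and paths are constructed; the indicator list for the RMM agent (here only the substring "manageengine") and the fifteen-minute correlation window are assumptions to be tuned to the products an organization actually deploys.

```python
"""Detection for the WhatsApp -> VBScript -> RMM-installer chain.

Added example; not code from the article or from Kaspersky's report.
Events are constructed in the shape of Sysmon Event ID 1 (process creation)
records. Field values, hostnames, users and paths are invented.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# A .vbs path handed to the script host, quoted or bare.
VBS_ARG = re.compile(r'"([^"]+\.vbs)"|(\S+\.vbs)', re.IGNORECASE)
# "Document" disguise: a document or image extension followed by .vbs.
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|jpe?g|png|txt)\.vbs$", re.IGNORECASE)
# Directories where a file received through a chat client or browser lands.
DOWNLOAD_DIR = re.compile(r"\\(downloads|whatsapp|temp)\\", re.IGNORECASE)
# Indicator substrings for the RMM agent named in the article. Assumption:
# a real rule would carry the installer names and signer of every RMM
# product the organization licenses, so that unexpected ones stand out.
RMM_INDICATORS = ("manageengine",)


@dataclass(frozen=True)
class ProcessEvent:
    time: datetime
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_vbs_lures(events):
    """Return (event, reasons) for script-host launches of a lure-like .vbs."""
    lures = []
    for ev in events:
        if basename(ev.image) not in SCRIPT_HOSTS:
            continue
        m = VBS_ARG.search(ev.command_line)
        if not m:
            continue
        script = m.group(1) or m.group(2)
        reasons = []
        if DOUBLE_EXT.search(script):
            reasons.append("double extension")
        if DOWNLOAD_DIR.search(script):
            reasons.append("user download path")
        if reasons:  # an admin's scheduled .vbs in C:\Scripts stays quiet
            lures.append((ev, reasons))
    return lures


def correlate_rmm_install(events, lures, window=timedelta(minutes=15)):
    """Pair each lure with a later RMM-installer launch on the same host."""
    alerts = []
    for lure, reasons in lures:
        for ev in events:
            if ev is lure or ev.host != lure.host:
                continue
            delay = ev.time - lure.time
            if delay < timedelta(0) or delay > window:
                continue
            text = f"{ev.image} {ev.command_line}".lower()
            if any(ind in text for ind in RMM_INDICATORS):
                alerts.append({
                    "host": ev.host,
                    "user": lure.user,
                    "lure_parent": basename(lure.parent_image),
                    "lure_reasons": reasons,
                    "rmm_image": ev.image,
                    "rmm_command_line": ev.command_line,
                    "delay_seconds": int(delay.total_seconds()),
                })
    return alerts


T0 = datetime(2025, 3, 4, 10, 0, 0)
SAMPLE_EVENTS = [  # constructed telemetry, not a real capture
    ProcessEvent(T0, "WS-ANA", "ana", r"C:\Users\ana\AppData\Local\WhatsApp\WhatsApp.exe",
                 r"C:\Windows\System32\wscript.exe",
                 r'"C:\Windows\System32\wscript.exe" "C:\Users\ana\Downloads\WhatsApp\Invoice_2025.pdf.vbs"'),
    ProcessEvent(T0 + timedelta(seconds=5), "WS-ANA", "ana", r"C:\Windows\System32\wscript.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -WindowStyle Hidden -File C:\Users\ana\AppData\Local\Temp\stage2.ps1"),
    ProcessEvent(T0 + timedelta(seconds=150), "WS-ANA", "ana",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /i C:\Users\ana\AppData\Local\Temp\ManageEngine_Agent.msi /qn"),
    # Benign noise: an admin's inventory script, and a sanctioned agent rollout.
    ProcessEvent(T0 - timedelta(minutes=30), "WS-BOB", "bob", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\cscript.exe", r"cscript.exe C:\Scripts\inventory.vbs"),
    ProcessEvent(T0 + timedelta(hours=1), "WS-BOB", "bob", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /i \\fileserver\software\ManageEngine_Agent.msi"),
]

if __name__ == "__main__":
    for alert in correlate_rmm_install(SAMPLE_EVENTS, find_vbs_lures(SAMPLE_EVENTS)):
        print(alert)
```

Run against the sample, only the WS-ANA chain produces an alert: the lure check fires on the double extension and the WhatsApp download directory, and the correlation ties it to the msiexec launch 150 seconds later. The sanctioned rollout on WS-BOB is ignored because no lure preceded it, which is the point of correlating rather than alerting on every RMM install. The time window is a coincidence risk in either direction; a deployment team pushing agents during the same quarter-hour as a user running a lure will appear here, so the alert is a triage lead, not proof.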