A sophisticated cyber campaign targeting WhatsApp users has emerged, leveraging malicious VBScript files distributed through direct messages to compromise systems with legitimate remote management tools. According to researchers at Kaspersky, this active threat demonstrates how attackers continue to exploit trusted communication platforms and legitimate software for nefarious purposes. The campaign specifically targets users accessing WhatsApp through desktop clients and web interfaces across multiple countries including Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, and Australia. The attack begins when victims receive a direct message containing a VBScript file disguised as a legitimate document. Upon execution, this script facilitates the installation of ManageEngine RMM software, a tool typically used by IT administrators for remote system management. However, in this context, the software is deployed without authorization, giving attackers full control over the compromised system. What makes this campaign particularly concerning is its abuse of legitimate software, which can bypass traditional security defenses that might flag more obviously malicious programs. For security teams, this attack highlights several critical implications. The use of legitimate RMM tools