
Kaspersky Warns of Malware Campaign Targeting WhatsApp Web and Desktop Users

WhatsApp Users are Urged to Remain Cautious after Researchers Uncovered a New Malware Operation

Written By : Soham Halder
Reviewed By : Sankha Ghosh

Kaspersky has issued a warning about a malware campaign targeting WhatsApp Web and Desktop clients. This malware threat serves as an example of the increasing cybersecurity dangers faced by individuals, as cybercriminals continue to take advantage of commonly used communication channels to spread malware.

Kaspersky Identifies New WhatsApp Malware Threat

Cybersecurity firm Kaspersky found that a crimeware actor uses WhatsApp accounts to distribute malicious attachments. The issue has affected users across multiple countries, with the highest number of victims found in Malaysia.

According to Kaspersky Lab researchers, attackers are exploiting already breached WhatsApp accounts to send malicious files that appear to come from legitimate acquaintances. The files are named to look like business documents.

Victims have been identified across multiple countries and territories, including Malaysia, Brazil, Singapore, Taiwan, and Vietnam, with the highest number of observed victims located in Malaysia.

How Malware Campaign Targets Users

Kaspersky Global Research and Analysis Team (GReAT) discovered a malware distribution campaign targeting users of WhatsApp Desktop and WhatsApp Web. Attackers are targeting users through malicious file attachments sent via direct messages. Kaspersky states that the campaign uses compromised WhatsApp accounts to distribute malicious VBScript files.

"Once opened, they trigger a staged infection chain that silently retrieves and executes additional malicious components from external infrastructure," said Fareed Radzi, security researcher at Kaspersky GReAT.

The attachment's execution flow follows a multi-stage process on the affected system. Once opened, the file triggers a scripted sequence on the device. The initial script creates a working directory under C:\Users\Public\Documents\, then retrieves additional script files from external infrastructure and executes them using Windows Script Host. These follow-up scripts perform additional system actions and download a compressed archive from the same infrastructure. The archive contains an installation package for remote monitoring and management software.
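For defenders, the chain described above leaves a recognizable trace: Windows Script Host running a script out of C:\Users\Public\Documents\. The following detection sketch is an added example, not code from Kaspersky or from the original article; the event field names, host names, subfolder and file names are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Staging location named in the article; subfolder and file names below are constructed.
STAGING_ROOT = PureWindowsPath(r"C:\Users\Public\Documents")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
SCRIPT_EXTS = {".vbs", ".vbe", ".js"}           # script types from the article's list that WSH runs
TOKEN = re.compile(r'"([^"]*)"|(\S+)')          # quoted or bare command-line tokens

def script_args(command_line):
    """Return the script-file arguments of a command line (first token is the program)."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(command_line)]
    paths = [PureWindowsPath(t) for t in tokens[1:]]
    return [p for p in paths if p.suffix.lower() in SCRIPT_EXTS]

def under_staging(path):
    """True if path is strictly inside STAGING_ROOT (case-insensitive, either slash style)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    root = [p.lower() for p in STAGING_ROOT.parts]
    return len(parts) > len(root) and parts[:len(root)] == root

def detect(events):
    """Return (host, script) pairs where a script host ran a script from the staging root."""
    hits = []
    for ev in events:
        if PureWindowsPath(ev["Image"]).name.lower() not in SCRIPT_HOSTS:
            continue
        hits += [(ev["Host"], str(s)) for s in script_args(ev["CommandLine"]) if under_staging(s)]
    return hits

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Host": "PC-01", "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" "C:\Users\Public\Documents\wk\stage2.vbs"'},
    {"Host": "PC-02", "Image": r"C:\Windows\System32\CSCRIPT.EXE",
     "CommandLine": r"CSCRIPT.EXE //B c:/users/public/documents/wk/run.js"},
    {"Host": "PC-03", "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Program Files\Vendor\logon.vbs"'},
    {"Host": "PC-04", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'notepad.exe "C:\Users\Public\Documents\notes.vbs"'},
]

if __name__ == "__main__":
    for host, script in detect(SAMPLE_EVENTS):
        print(f"ALERT {host}: script host executed {script}")
```

Only the first two sample events match: the third runs a script from outside the staging folder, and the fourth opens a script in an editor rather than executing it.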


What Can Users do to Stay Safe?

Kaspersky advised that users should exercise caution when they receive unexpected attachments on WhatsApp, even if they come from contacts already saved in their phone books. In addition, users should be careful about opening scripts and executables such as .vbs, .vbe, .exe, .bat, .cmd, .js, and .ps1 unless they have already been confirmed to be legitimate.

Users can reduce their risk by downloading software only from trusted sources, avoiding suspicious links, and keeping devices updated.
