Listen to the episode
TLDR
A new WhatsApp phishing campaign is targeting users across Brazil, India, Mexico, Singapore, the UK, Spain, and other countries. Attackers compromise legitimate WhatsApp accounts and send messages containing malicious VBScript files...
How it works
A new WhatsApp phishing campaign is targeting users across Brazil, India, Mexico, Singapore, the UK, Spain, and other countries. Attackers compromise legitimate WhatsApp accounts and send messages containing malicious VBScript files...
Red flags
- Unsolicited "business document" attachments (VBS, ZIP) arriving from a contact with no prior context Messages containing only a file attachment and no greeting or explanation Files delivered via WhatsApp that request execution through Windows Script Host or unknown installers
What to do
- 1Never open VBScript or executable attachments received via WhatsApp, even from trusted contacts Verify any unexpected document with the sender through a separate channel (phone call, in person) Keep antivirus up to date, scan every downloaded file before opening it, and enable
Source
bleepingcomputer
Source reviewed by Mythos Forensic Team
https://www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/FAQ
Is WhatsApp phishing attack uses fake business docs to hack PCs a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Unsolicited "business document" attachments (VBS, ZIP) arriving from a contact with no prior context Messages containing only a file attachment and no greeting or explanation Files delivered via WhatsApp that request execution through Windows Script Host or unknown installers
What should I do first?
Never open VBScript or executable attachments received via WhatsApp, even from trusted contacts Verify any unexpected document with the sender through a separate channel (phone call, in person) Keep antivirus up to date, scan every downloaded file before opening it, and enable
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.