Post cover image
Pic is from XEyecs.com

June 30, 2026

WhatsApp Users Are Attacked by VBScripts

A large number of WhatsApp users in different regions were targeted by a dedicated threat actor with an outsmarting phishing attack that…

By Cybersectoworld

2 min read

A large number of WhatsApp users in different regions were targeted by a dedicated threat actor with an outsmarting phishing attack that led the victims to run the hacker's malicious scripts on their desktop devices to run the snooping background software and having full control in the background.

All the attacker needs is to convince the victim to execute his well prepared and tested malicious VBScript that bypasses the security controls on Windows, the attacker/s deliberately aimed to distribute their malicious scripts leaving it undetectable on too many victims in different regions, as per Kaspersky countries from UK, Spain, Australia, Russia, Brazil, India, Mexico, Taiwan, Vietnam, and Malaysia which is the most targeted country amongst the others, over time all countries could be targeted.

The hacker or the hacker group created the VBScript to install the Remote Monitoring and Management (RMM) software to execute malicious access against their victims, infiltrating their sensitive data to proceed with their illegal goals.

Those hackers target WhatsApp desktop and browser users as it is required for their VBScript payloads. They send a deceptive message with an attachment as if it comes from a trusted company phone number, the windows user opens the file that looks legit due to their lack of tech knowledge and inspection and then they execute the targeted VBS file sent by the hacker, and the script does its work in the background in a matter of seconds.

Kaspersky explained that the VBScript samples include metadata that is almost identical to the legitimate Microsoft components and many of these metadata and comments are written in Mandarin.

The attack is a chain phishing technique. The VBScript created by the hacker is mainly to download two other VBScripts, the first is to tamper with the User Access Control (UAC) configurations to make the victim's device more vulnerable, and the second is to download the Remote Monitoring and Management (RMM) software to deliver their malicious acts.

Now, our blog reader, you know that this is a parlous ongoing attack, and this is one example of a limitless number of phishing tactics, you can protect your privacy, financial identities and all of your sensitive information by following the security habits and keeping yourself security aware. Here below listed are the bullet points to follow:

  • Never trust any email or social media messages unless it is trusted and verified.
  • Never share your private data on social media, just a disguised fake account could reach all your private information you share with your friends.
  • Use a VPN, especially for sensitive sites such as your banking dashboard or your social media accounts.
  • Make sure that 2FA is always enabled on all your sensitive accounts and emails, this will prevent hackers from having access to your account if they have the password.
  • Keep your personal number private, never share it publicly online to avoid being targeted by such hackers or intruders.
  • Verify all your friends on your social media accounts.
  • Enforce the privacy configurations on your social media accounts.