A recent malware campaign targets WhatsApp users, hijacking accounts to distribute fake debt notices that install remote access software on victims' computers. The campaign, analyzed by Kaspersky, has affected users in various countries, primarily Malaysia. Attackers use deceptive file names resembling legitimate documents to persuade recipients to download malicious attachments.
The infection occurs in three stages: the initial VBScript downloads additional payloads, modifies registry keys to disable security prompts, and installs a legitimate remote management tool that lets attackers control victims' systems. Users are advised to be cautious when receiving unexpected attachments through messaging apps, especially from known contacts.