A new WhatsApp malware campaign has been identified, involving a threat actor that hijacks accounts to send malicious VBScript files to users, primarily in Malaysia. The scripts are disguised as financial documents and use localization to trick victims. Once executed, the malware downloads secondary payloads, bypasses Windows security measures, and installs legitimate Remote Monitoring and Management (RMM) software, allowing attackers to control infected systems silently.
The campaign has a broad impact, targeting individual users across various nations and using obfuscation techniques to conceal its operations. Users are advised to avoid opening unexpected script attachments and to keep their security software up to date.