Kaspersky has identified a WhatsApp-based campaign that spreads malicious VBScript files through direct messages to install legitimate RMM software and gain remote access to victims’ systems. The operation targets users across multiple countries, often using deceptive business-document filenames and infrastructure overlaps linked to Gh0st RAT and ValleyRAT. #WhatsApp #VBScript #ManageEngineRMMCentral #Gh0stRAT #ValleyRAT
Keypoints
- Malicious VBScript files are being shared through WhatsApp direct messages.
- The campaign targets WhatsApp Desktop and WhatsApp Web users in many countries.
- Files are disguised as business or financial documents to trick recipients.
- The infection chain installs ManageEngine RMM Central for remote access.
- Kaspersky found infrastructure overlaps with Gh0st RAT and ValleyRAT activity.
Read More: https://thehackernews.com/2026/06/whatsapp-vbscript-campaign-uses-fake.html