[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-whatsapp-phishing-campaign-drops-remote-access-tool-via-fake-docs":10,"sections":35},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":24,"persona_id":22,"persona_name":22,"section":25,"tags":26,"sources":30,"feedback":34,"feedback_at":22,"cost_usd":34,"total_tokens":34},1992,"whatsapp-phishing-campaign-drops-remote-access-tool-via-fake-docs","WhatsApp Phishing Campaign Drops Remote-Access Tool via Fake Docs","Attackers hijack WhatsApp accounts to send VBScript files that install a legitimate endpoint manager, handing over remote system access.","A phishing campaign on WhatsApp is using compromised accounts to spread malicious scripts disguised as business documents — and it has already claimed victims across eleven countries.\n\nResearchers at Kaspersky found that attackers gained access to real WhatsApp accounts — the exact method is still unknown — and used them to message contacts with VBScript files posing as financial or business documents. Anyone who ran the files on Windows triggered two scripts: one disables UAC protections, the other installs ManageEngine Endpoint Central, a legitimate unified endpoint management platform. The result is full remote access handed to the attacker. Victims have been identified in Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia. Kaspersky attributes the campaign's international spread partly to filenames localized in multiple languages.\n\nThe abuse of a legitimate IT tool is the sharp edge here. 
ManageEngine Endpoint Central is built to manage fleets of corporate devices — antivirus and endpoint detection software is unlikely to flag it as malware, because the software itself isn't malicious; only the unsanctioned install, and who ends up controlling it, is. That makes it a useful wrapper for an attack that would otherwise be caught at the door. The trust is doubly layered: the message comes from a known contact, and the software it installs is real.\n\nOne detail worth noting: on WhatsApp's desktop client, the file can execute directly through Windows Script Host without a separate download step — a lower-friction path to compromise than the web client. Using trusted software as an attack carrier is not new, but routing it through personal messaging accounts, rather than email, is a reminder that phishing has long since outgrown the inbox.","[\"security\",\"phishing\",\"whatsapp\",\"malware\"]","2026-06-23T16:35:00.000Z","2026-06-23T18:01:07.227Z","2026-06-23T18:01:17.135Z","published",null,[],"https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fwhatsapp-phishing-campaign-drops-remote-access-tool-via-fake-docs.webp","security",[25,27,28,29],"phishing","whatsapp","malware",[31],{"name":32,"url":33},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fnew-whatsapp-phishing-campaign-allows-for-remote-access-from-a-single-business-document",0,{"sections":36},[37,42,47,50,55,60,65,70,75,80,85,90,95,100],{"name":38,"slug":39,"count":40,"latest_published_at":41},"AI","ai",505,"2026-06-23T20:10:33.000Z",{"name":43,"slug":44,"count":45,"latest_published_at":46},"Deals","deals",143,"2026-06-23T21:34:29.000Z",{"name":48,"slug":25,"count":45,"latest_published_at":49},"Security","2026-06-23T19:43:56.000Z",{"name":51,"slug":52,"count":53,"latest_published_at":54},"Policy","policy",101,"2026-06-23T19:11:04.000Z",{"name":56,"slug":57,"count":58,"latest_published_at":59},"Consumer 
Tech","consumer-tech",84,"2026-06-23T21:34:53.000Z",{"name":61,"slug":62,"count":63,"latest_published_at":64},"Hardware","hardware",71,"2026-06-23T16:50:03.000Z",{"name":66,"slug":67,"count":68,"latest_published_at":69},"Software","software",63,"2026-06-23T11:16:34.000Z",{"name":71,"slug":72,"count":73,"latest_published_at":74},"Dev Tools","dev-tools",53,"2026-06-23T18:13:40.000Z",{"name":76,"slug":77,"count":78,"latest_published_at":79},"Science","science",39,"2026-06-23T05:25:16.000Z",{"name":81,"slug":82,"count":83,"latest_published_at":84},"Gaming","gaming",32,"2026-06-22T17:00:00.000Z",{"name":86,"slug":87,"count":88,"latest_published_at":89},"General","general",26,"2026-06-13T18:35:15.000Z",{"name":91,"slug":92,"count":93,"latest_published_at":94},"Startups","startups",24,"2026-06-23T17:25:54.000Z",{"name":96,"slug":97,"count":98,"latest_published_at":99},"Reviews","reviews",19,"2026-06-14T08:00:00.000Z",{"name":101,"slug":102,"count":103,"latest_published_at":104},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]