A phishing campaign is exploiting the trusted nature of WhatsApp to deliver malware disguised as business documents, giving attackers remote access to victims' PCs across multiple countries.

According to a report by BleepingComputer published on 23 June, the ongoing operation targets users with messages that mimic legitimate business communications. Each message carries an attachment that is designed to resemble a professional document but is in fact a VBScript (VBS) file, which executes malicious code once opened.

The attack succeeds through social engineering rather than technical sophistication. By operating on a platform where users routinely share files with colleagues and contacts, the attackers exploit an environment where suspicion is notably lower. Once the VBS script runs, it establishes remote access to the compromised machine, effectively handing control to the perpetrators.

The campaign underscores a significant gap in organisational defences. Corporate email security gateways — the traditional frontline against phishing — have no visibility into WhatsApp traffic, leaving a blind spot that attackers are now actively exploiting. It marks a broader trend: threat actors are migrating phishing operations from well-defended email perimeters into messaging platforms where institutional safeguards are largely absent.

Security professionals recommend that organisations broaden their awareness training to cover phishing risks across every communication channel, not just email. Employees should be trained to treat any unsolicited attachment, even one appearing to come from a known contact, with suspicion. Before opening unexpected business documents, users are advised to verify the request through a separate, trusted channel such as a phone call.

The incident is a reminder that human trust remains the most exploitable element in any security architecture. As communication habits continue to evolve beyond email, defensive strategies must keep pace.


