WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Summary
A new campaign is using WhatsApp direct messages to distribute malicious VBScript files. These scripts, when executed, install legitimate Remote Monitoring and Management (RMM) tools, posing a threat to users across several countries. The campaign specifically targets users of WhatsApp Desktop and WhatsApp Web.
IFF Assessment
This campaign leverages social engineering and legitimate tools for malicious purposes, indicating a growing sophistication in attack methods that defenders must counter.
Defender Context
Defenders should be aware of phishing attempts utilizing direct messages on platforms like WhatsApp, especially those that involve seemingly innocuous document files. The use of legitimate RMM tools by attackers highlights the need for strict access control and monitoring of remote management software.
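The monitoring described above can be expressed as a small correlation over process-creation logs. This is an added example, not detection content published with the campaign: the event field names, the download-path hints, the host allowlist and every sample event are constructed assumptions, and the only vendor string used is the one in the page title.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
DELIVERY_HINTS = ("\\downloads\\", "whatsapp")  # assumed download locations
RMM_HINTS = ("manageengine",)                   # vendor named in the page title
APPROVED_RMM_HOSTS = {"IT-ADMIN-01"}            # hypothetical allowlist of RMM hosts

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def detect(events, window=600):
    """Return (host, rule, time) alerts for process-creation events."""
    alerts, last_vbs = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        host, cmd = ev["host"], ev["command_line"].lower()
        if (base(ev["image"]) in SCRIPT_HOSTS and ".vbs" in cmd
                and any(h in cmd for h in DELIVERY_HINTS)):
            # A script host ran a .vbs file from a user download location.
            last_vbs[host] = ev["time"]
            alerts.append((host, "vbs_from_download_path", ev["time"]))
        elif any(h in cmd for h in RMM_HINTS) and host not in APPROVED_RMM_HOSTS:
            # RMM software appearing on a host where IT has not approved it.
            seen = last_vbs.get(host)
            chained = base(ev["parent_image"]) in SCRIPT_HOSTS or (
                seen is not None and ev["time"] - seen <= window)
            rule = "rmm_install_after_vbs" if chained else "unapproved_rmm_install"
            alerts.append((host, rule, ev["time"]))
    return alerts

# Constructed sample events: host, time (s), image, parent image, command line.
_ROWS = [
    ("WS-077", 50, r"C:\Windows\System32\cscript.exe", r"C:\Windows\System32\cmd.exe",
     r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dli"),
    ("WS-042", 100, r"C:\Windows\System32\wscript.exe", r"C:\Windows\explorer.exe",
     r'"C:\Windows\System32\wscript.exe" "C:\Users\ana\Downloads\Invoice_2291.vbs"'),
    ("WS-042", 160, r"C:\Windows\System32\msiexec.exe", r"C:\Windows\System32\wscript.exe",
     r'msiexec.exe /i "C:\Users\ana\AppData\Local\Temp\ManageEngine_agent_sample.msi" /qn'),
    ("IT-ADMIN-01", 200, r"C:\Windows\System32\msiexec.exe", r"C:\Windows\explorer.exe",
     r'msiexec.exe /i "D:\Deploy\ManageEngine_agent_sample.msi"'),
    ("WS-077", 300, r"C:\Windows\System32\msiexec.exe", r"C:\Windows\explorer.exe",
     r'msiexec.exe /i "C:\Temp\ManageEngine_agent_sample.msi"'),
]
SAMPLE_EVENTS = [dict(zip(("host", "time", "image", "parent_image", "command_line"), r))
                 for r in _ROWS]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The system script run (slmgr.vbs) and the install on the approved admin host produce no alert; string matching on command lines is a starting point and should be paired with signer and install-path checks in a real pipeline.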