WhatsApp VBScript Campaign Spreads RMM Software

An active campaign is utilizing WhatsApp to spread malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. According to Kaspersky, users of WhatsApp Desktop and WhatsApp Web are particularly affected. The campaign targets users in countries such as Malaysia, Brazil, India, Mexico, Singapore, the United Kingdom, Spain, Taiwan, and Australia. Distribution occurs through direct messages containing fake documents. These documents are designed to appear legitimate, enticing users to execute the harmful scripts.

The attackers employ this tactic to gain users' trust and increase the likelihood that the files will be opened. The installed RMM software allows attackers to take control of the affected systems. This software is commonly used by IT administrators to monitor and manage networks, making it an attractive target for cybercriminals. The legitimate use of this software is severely jeopardized by these attacks. The campaign was first discovered in June 2026 and has since expanded in scope.

Kaspersky has urged users to be cautious and not to open unknown files or links sent via WhatsApp. The security firm recommends regularly updating software and using security solutions to protect against such threats. The distribution of VBScript via messaging platforms is not new; however, this campaign demonstrates a concerning trend in the use of social media for cyberattacks. The attackers exploit the widespread use of WhatsApp to amplify their malicious activities and reach a larger number of users. The security situation is exacerbated by the fact that many users are unaware of the risks associated with opening files from unknown sources.

Kaspersky has emphasized that raising user awareness of such threats is crucial to preventing the spread of malware. The campaign has already affected several hundred users, with the exact number of impacted systems still being determined. Security researchers are working to halt the spread of the malicious software and warn affected users. Investigations indicate that the attackers are specifically targeting certain geographic regions, suggesting strategic planning. The use of RMM software in cyberattacks is a growing problem that affects both businesses and individuals alike.

The threat from such attacks could increase in the coming months as cybercriminals continue to develop new methods to achieve their goals. Kaspersky has urged users to remain vigilant and review their security practices. The vulnerability exploited by this campaign could potentially affect millions of users worldwide. Kaspersky has already taken measures to stop the spread of the malicious scripts and educate users about the risks. A detailed technical analysis of the VBScript files used is currently underway to gather further insights into the malware's operation.

This campaign underscores the need to strengthen security measures in digital communication. Experts recommend that businesses and individuals reassess their security policies and ensure they have the latest information on cyber threats. The threat from such attacks is expected to continue rising in the coming months. On June 24, 2026, the security firm Kaspersky issued a warning urging users to remain vigilant and report suspicious activities.