
Sophisticated malware distribution campaign
This campaign was discovered by Kaspersky's Global Research and Analysis Team (GReAT) in June 2026. Victims of this attack were recorded in many countries and territories, including Malaysia, Brazil, Singapore, Taiwan (China), and Vietnam, with Malaysia recording the highest number of victims.
The use of filenames in multiple languages also suggests the campaign was deployed on a wide scale, particularly in European countries.
According to the research findings, the perpetrators behind the campaign exploited previously compromised WhatsApp accounts to distribute attachments containing malware.
The attackers sent messages from contacts in the existing address book of these accounts, making it easy for recipients to trust and open the files. Once the malware was activated, the attackers could remotely access the system through administrative features designed for legitimate technology support and management purposes.
Malicious actors have used social engineering to disguise malicious files as familiar work documents such as invoices, bank statements, account statements, payment vouchers, or debt notices to create a sense of trust and deceive victims.
The filenames were also localized into multiple languages such as English, Portuguese, French, German, and Malay, indicating the campaign was deployed across various language regions. Furthermore, the VBScript file samples contained a large amount of comments and metadata designed to impersonate legitimate components of Microsoft Windows Update.
Fareed Radzi, a security researcher at Kaspersky GReAT, said: “In this campaign, attackers exploited trust on messaging platforms by using compromised WhatsApp accounts to send malicious attachments. Because these files were sent from familiar contacts, recipients were more likely to open them.
“The filenames are carefully disguised as ordinary business documents such as invoices or payment notices, and are localized into multiple languages to broaden the target audience. When opened, these files trigger a multi-stage infection chain, silently downloading and executing additional malicious components from infrastructure controlled by the attacker.”
Advice
To avoid malware infections, cybersecurity experts have issued the following recommendations for users:
- Be cautious when receiving unexpected attachments via WhatsApp, even if they are sent from familiar contacts, as these files may contain malware and execute on your device.
- Do not open script or executable files such as .vbs, .vbe, .exe, .bat, .cmd, .js, and .ps1 unless you have independently verified their legitimacy.
- Use reliable security solutions on all computers and mobile devices. These solutions are capable of warning and preventing infection risks before they cause harm.
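As an added illustration of the advice above (not code from Kaspersky or from the article), this Python triage check flags received attachments whose final extension is on the list above, a document-style double extension, and .vbs files that are mostly comments or claim to be Windows Update components. The document-extension set, the 0.6 comment-ratio threshold, the function names, and the sample script are assumptions made for this example.

```python
import re
from pathlib import PurePath

# Extensions named in the advice list above.
SCRIPT_EXTS = {".vbs", ".vbe", ".exe", ".bat", ".cmd", ".js", ".ps1"}
# Assumption: document extensions a lure might imitate with a double extension.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
# Assumption: a script that is at least 60% comment lines deserves a second look.
COMMENT_RATIO_THRESHOLD = 0.6

def filename_findings(name: str) -> list[str]:
    """Flag script/executable attachments and document-style double extensions."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    suffixes = [s.lower() for s in PurePath(name.rstrip(". ")).suffixes]
    findings = []
    if suffixes and suffixes[-1] in SCRIPT_EXTS:
        findings.append("script-or-executable-extension")
        if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
            findings.append("double-extension")
    return findings

def vbs_comment_findings(text: str) -> list[str]:
    """Flag VBScript padded with comments or presenting itself as Windows Update."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    comments = [ln for ln in lines
                if ln.startswith("'") or re.match(r"(?i)rem(\s|$)", ln)]
    findings = []
    if lines and len(comments) / len(lines) >= COMMENT_RATIO_THRESHOLD:
        findings.append("comment-heavy-script")
    if any("windows update" in c.lower() for c in comments):
        findings.append("claims-windows-update")
    return findings

def triage(name: str, text: str = "") -> list[str]:
    """Combine filename checks with content checks for plain-text .vbs files."""
    findings = filename_findings(name)
    if name.rstrip(". ").lower().endswith(".vbs"):
        findings += vbs_comment_findings(text)
    return findings

# Constructed sample: a harmless stand-in, not taken from the campaign.
SAMPLE_VBS = """' Microsoft Windows Update Component
' Copyright (c) Microsoft Corporation
' Module: update service helper
REM Version 10.0
Dim x
x = 1
"""

if __name__ == "__main__":
    print(triage("Invoice_2026.pdf.vbs", SAMPLE_VBS))
```

A hit is a reason to verify the file with the sender through another channel before opening it, not a verdict; .vbe files are encoded, so only the filename checks apply to them.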
Source: https://baoquangninh.vn/phat-hien-chien-dich-phat-tan-ma-doc-quy-mo-lon-thong-qua-whatsapp-3412614.html










