If you use WhatsApp Desktop or WhatsApp Web then you need to be extra careful. Cyber ​​security company Kaspersky has revealed a new malware campaign, in which hackers are trying to infect users’ computers by sending fake business documents through WhatsApp.

According to the report, cyber criminals are using already hacked WhatsApp accounts. For this reason, the message appears to be coming from a known or trusted contact rather than from an unknown person, which makes people easily trust it.

Malware being sent in the name of business file
According to Kaspersky’s Global Research and Analysis Team (GReAT), attackers are using file names that look exactly like real business documents. These include names like Invoice, Bank Statement, Account Statement and Debt Notice.

Actually these files are in VBScript format. As soon as the user opens them, a script gets activated in the system which downloads additional malware from the internet and runs it silently.

Cases found in many countries
In Kaspersky’s investigation, the impact of this malware campaign has been seen in many countries. Most infected users have been found in Malaysia. Apart from this, such attacks have also been identified in Brazil, Singapore, Taiwan, Vietnam and some parts of Europe.

According to the report, the names of the files are being kept not only in English but also in Portuguese, French, German and Malay languages ​​so that as many people as possible can be targeted.

What happens when you open a file?
As soon as the user opens this file, it creates a new working folder in the Windows system and downloads other scripts from the external server and runs them with the help of Windows Script Host. After this the malware tries to give remote access to the computer to the attackers. It can be used to control the system, steal data or cause other harm.

How to keep yourself safe?
Kaspersky advises to never open any attachment on WhatsApp without checking it, even if it comes from a known person. In particular, open script or executable files like .vbs, .vbe, .exe, .bat, .cmd, .js and .ps1 only when you are completely sure of their authenticity.

Apart from this, it is also important to use reliable security software on both computer and mobile. If you receive any suspicious file from an acquaintance, then confirm it through other means before opening it.

Why is this attack dangerous?
The biggest challenge of this malware campaign is that hacked WhatsApp accounts are being used in it. Therefore, the message appears to be from a trustworthy person and the user can open the file without thinking. In such a situation, a little caution can save you from major cyber attacks and data theft.