A global malware campaign is leveraging compromised WhatsApp accounts to distribute malicious VBScript files disguised as financial documents. Attackers target users of WhatsApp Desktop and WhatsApp Web, sending attachments like "Financial Reports.vbs" to the victim's existing contact list. By exploiting the inherent trust between known contacts, the campaign successfully bypasses traditional social engineering red flags to initiate a multi-stage infection chain.

Source