Overview
- CERT-In issued an advisory on June 25 saying a large-scale campaign is sending malicious Visual Basic Script (.vbs) files through WhatsApp Web and Desktop messages from already compromised accounts.
- The advisory cites Kaspersky/Securelist research that describes a multilayered VBScript chain able to disable protections, download extra tooling, and create persistent remote access on infected machines.
- If users run the files, attackers can gain remote control, steal passwords and credentials, deploy additional malware, and spread infections across connected networks, which can cause financial or business disruption.
- CERT-In urges users not to open unexpected .vbs or .exe attachments, to verify unusual files by phone or a separate message, to keep software and user account controls updated, and to scan files with up-to-date antivirus.
- The warning follows CERT-In's tightening of OEM cybersecurity compliance on June 10. Investigators continue to trace the campaign using Kaspersky telemetry, and no public attribution has been reported yet.