WhatsApp phishing attack: fake business docs hack PCs

Robert Moore · 2026-06-22

A nasty new malware campaign is making the rounds on WhatsApp. It targets users with convincing messages that carry fake business documents. Once you open them, the VBScript files inside can give attackers remote access to your system. This isn't your run-of-the-mill spam. The scammers are smart about it. They pose as legitimate companies, sending what looks like an invoice or a contract. The hook is usually urgent: "Your payment is overdue" or "Please review the attached agreement." It plays on our natural instinct to act fast when money's involved. ### How the attack works Here's the breakdown of what happens: - You get a WhatsApp message from someone you might know (or a spoofed number). - The message includes a file that looks like a PDF or Word doc, but it's actually a VBScript (.vbs) file. - When you click to open it, your computer runs the script silently in the background. - The script downloads a payload that gives the attacker remote access to your machine. - From there, they can steal data, install more malware, or use your PC for other attacks. The scary part is how easy it is to fall for. The messages are personalized and the files look professional. Even cautious users might hesitate. > "The most effective phishing attacks don't look like attacks at all. They look like normal business correspondence." — Robert Moore, Lead Antidetect Browser Specialist ### Why antidetect browsers matter here If you're in digital marketing, affiliate work, or any field where you manage multiple accounts, you're a prime target. Attackers know you handle sensitive data and often use the same machine for work and personal stuff. An antidetect browser can help you stay safe in a few ways: - **Isolation**: Each profile acts like a separate computer. Even if one gets compromised, the others stay clean. - **Fingerprint spoofing**: Attackers can't easily track your real browser fingerprint across sites, making it harder for them to target you. - **Session management**: You can keep work and personal accounts completely separate, reducing the risk of cross-contamination. ### Practical steps to protect yourself Don't wait for an attack to happen. Here's what you can do right now: - **Never open .vbs files** from WhatsApp, email, or any messaging app. If someone sends you a script file unexpectedly, delete it. - **Verify the sender**. Call or text the person directly (using a different channel) to confirm they sent the file. - **Use a dedicated antidetect browser** for high-risk activities. It adds a layer of separation that most standard browsers don't offer. - **Keep your antivirus updated**. Modern AV tools can catch VBScript-based attacks before they execute. - **Enable two-factor authentication** on your WhatsApp account. It won't stop the phishing messages, but it can prevent account takeover. ### The bottom line This campaign is a reminder that phishing isn't just for email anymore. Messaging apps like WhatsApp are now prime hunting grounds for attackers. They know we trust messages from friends and colleagues, so they exploit that trust. Stay sharp. If something feels off, it probably is. And if you're managing multiple online identities, consider adding an antidetect browser to your toolkit. It's a small step that can make a big difference in keeping your digital life secure.