
Fake Documents on WhatsApp Are Installing Spyware on Computers
A live attack campaign is using WhatsApp to send fake business documents that install remote access software on computers across 9 countries.
Source
GetCyberRight Intelligence
Original headline: WhatsApp Fake Document Attack
Plain-English summary by GetCyberRight. Read the full report at the source above.
What's Happening Right Now
Cybercriminals are using WhatsApp Desktop and Web to send malicious files disguised as everyday business documents. These fake files install remote access tools that give attackers complete control over your computer. This campaign is actively targeting people across nine countries, and it's designed to look completely legitimate.
The Details
Here's how the attack works. You receive a message on WhatsApp Desktop or Web from someone who appears to be a business contact. They send what looks like a Word document or PDF with a name like "Invoice.pdf" or "Contract.docx." The file icon looks normal, and the sender might seem familiar.
But these aren't real documents. They're actually VBScript files, a type of code that runs on Windows computers. When you click to open the file, it doesn't show you a document at all. Instead, it secretly installs remote access software on your computer.
Once installed, this software gives criminals complete control. They can see your screen, access your files, record your keystrokes, and steal passwords. They can monitor your banking, read your private messages, and access anything stored on your computer. The attack specifically targets WhatsApp Desktop and Web because these versions allow file types that the mobile app automatically blocks.
Who Is Affected
This attack primarily targets professionals and business users who regularly receive documents through WhatsApp. If you use WhatsApp on your computer for work, client communication, or business transactions, you're in the target group. Freelancers, small business owners, and remote workers are especially vulnerable.
Anyone who uses WhatsApp Desktop or Web should pay attention. The mobile app on your phone has better protections against these file types. But if you've installed WhatsApp on your Windows computer or use it through a web browser, you can receive these dangerous files.
What You Should Do Right Now
Check your computer for WhatsApp Desktop. If you have it installed, be extremely cautious about any documents you receive, especially from new or unexpected contacts.
Look at file extensions before opening anything. Real documents end in .docx, .pdf, or .xlsx. Dangerous files might end in .vbs, .js, or have double extensions like .pdf.vbs. Enable "File name extensions" in Windows File Explorer to see the real file type: Windows hides known extensions by default, so a file named Invoice.pdf.vbs is displayed as Invoice.pdf.
Ask the sender to confirm before opening unexpected files. Call them or message them separately. Attackers often compromise one person's account to spread malware to their contacts.
Use your phone for WhatsApp file sharing instead. The mobile app blocks many dangerous file types automatically. If someone sends you a document, ask them to email it or use a secure file sharing service.
Run a security scan on your computer today. Use Windows Defender or your antivirus software to check if anything suspicious is already installed.
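The extension check from the steps above, as an added example (not code from GetCyberRight or the original report): it flags script extensions and document-plus-script double extensions, and goes one step beyond the article by comparing a file's first bytes with the header a real PDF or Office document starts with. The extensions other than .vbs and .js, the function names and the sample inputs are assumptions made for the example.

```python
from pathlib import Path

# Extensions Windows runs as scripts. .vbs and .js come from the article;
# the others are further Windows script types added here as an assumption.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
# Leading bytes of a genuine document (PDF header, ZIP container used by Office).
DOC_MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}


def triage(name: str, head: bytes = b"") -> list[str]:
    """Return reasons a received file should not be opened (empty = no finding)."""
    findings = []
    # Windows ignores trailing dots and spaces in names, so strip them first.
    suffixes = [s.lower() for s in Path(name.rstrip(". ")).suffixes]
    if not suffixes:
        return findings
    final = suffixes[-1]
    if final in SCRIPT_EXTS:
        findings.append(f"script file ({final})")
        if len(suffixes) > 1 and suffixes[-2] in DOC_MAGIC:
            findings.append(f"double extension hides {final} behind {suffixes[-2]}")
    elif final in DOC_MAGIC and head and not head.startswith(DOC_MAGIC[final]):
        # Named like a document, but the content does not start like one.
        findings.append(f"content is not a real {final} file")
    return findings


def scan_folder(folder: Path) -> dict[str, list[str]]:
    """Triage every file in a folder, reading only the first 8 bytes of each."""
    report = {}
    for path in sorted(folder.iterdir()):
        if path.is_file():
            with path.open("rb") as fh:
                reasons = triage(path.name, fh.read(8))
            if reasons:
                report[path.name] = reasons
    return report


if __name__ == "__main__":
    # Constructed sample names and leading bytes, not taken from the campaign.
    samples = [("Invoice.pdf", b"%PDF-1.7"), ("Invoice.pdf.vbs", b"Dim x\r\n"),
               ("Contract.docx", b"Dim x\r\n"), ("notes.js", b"var a;")]
    for name, head in samples:
        print(f"{name:18} {triage(name, head) or 'ok'}")
```

Point scan_folder at the folder where WhatsApp Desktop or the browser saves received files; it only reads file headers and never opens or runs anything.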
The Bigger Picture
This attack represents a growing trend: criminals targeting the tools we trust most. WhatsApp has billions of users who consider it a safe communication platform. By exploiting the desktop version's features, attackers bypass our natural caution. Staying informed about these evolving threats helps you protect not just yourself, but everyone you communicate with.
How GetCyberRight Can Help
Before opening any suspicious file or clicking an unexpected link, use GCR Scam Guard to verify it first. This tool helps you check whether files and links are safe before they can harm your computer. It's especially useful when you receive unexpected business documents or links from contacts who don't normally send them. Taking two minutes to verify can save you from weeks of recovery work.