> TritonInfoSec News
Home / Jun 24, 2026 / Story
0
#10 The Hacker News general June 23, 2026 at 05:38 UTC

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

By [email protected] (The Hacker News)

AI Summary

An active campaign identified by Kaspersky is distributing malicious VBScript files via WhatsApp Desktop and WhatsApp Web messages across at least nine countries including Malaysia, Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, and Australia, ultimately installing ManageEngine RMM software for unauthorized remote access. The use of a legitimate RMM tool as the payload helps the malware evade detection and persist under the guise of trusted software. Security teams should add detection rules for unsanctioned ManageEngine deployments and alert on VBScript execution originating from messaging application contexts.

Read full article → https://thehackernews.com/2026/06/whatsapp-vbscrip…

Relevance score: 77.0/100

# More from June 24

  1. 1
    FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation The Hacker News
  2. 2
    Scattered Spider Hackers Plead Guilty on Day 1 of Trial Krebs on Security
  3. 3
    LastPass confirms data breach in Klue supply chain attack BleepingComputer
  4. 4
    Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration The Hacker News
  5. 5
    FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances SecurityWeek
  6. 6
    Five Eyes agencies sound alarm about AI’s threat to cybersecurity The Record
  7. 7
    FFmpeg fixes PixelSmash flaw in widely used video decoder BleepingComputer
  8. 8
    'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows Dark Reading
  9. 9
    Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks BleepingComputer