Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, Australia, Russia, and Vietnam. The highest concentration of victims has been reported in Malaysia. The Hacker News is the main source layer for now, and the rest should be read as a signal that is still widening. The useful angle sits in the effect on user behavior, revenue flow, or how platforms compete for attention on screen.
What is happening now
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. The Hacker News form the main source layer behind the core facts in this piece. This is still a developing thread, so the useful part is knowing which source signals are hardening and which ones still need caution. On the internet and business side, the useful question is how much this change shifts user behavior, operating cost, or competitive pressure.
Where the sources line up
The Hacker News is the main source layer for now, and the rest should be read as a signal that is still widening. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U. K. , Spain, Taiwan, Australia, Russia, and Vietnam. The Hacker News form the main source layer behind the core facts in this piece.
The details worth keeping
The highest concentration of victims has been reported in Malaysia. The useful angle sits in the effect on user behavior, revenue flow, or how platforms compete for attention on screen. The people who should stay closest to this beat are digital channel managers, online sellers, marketers, community operators, and teams living on traffic or conversion. The next step is to see whether the current signals harden into a durable change or fade as a short-lived experiment.
Why this matters most
The signal is strong enough to deserve attention, but it still needs to be read as something developing rather than fully settled. With 1 source layers on the table, the part worth reading most closely is where firm facts meet the market's early reaction. "The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment," security researcher Fareed Radzi said .
What to watch next
The real follow-up is whether the story turns into measurable user, creator, or revenue impact. Patrick Tech Media will keep checking rollout speed, user reaction, and how The Hacker News update the next pieces. From 1 early signals, the piece keeps 1 references that are useful for locking the main details in place. That is why the useful reading move is not to stop at the headline, but to compare the promise, the workflow change, and the likely cost before deciding anything.