Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
Fraud Messenger News Security WhatsApp All topics
Attention!

A wrong click on WhatsApp and strangers can control your phone

A person is holding a smartphone with both hands, typing on the on-screen keyboard. The display shows an open chat application with a green message bubble. The smartphone is in a protective case. A small tattoo is visible on the person's right wrist. In the background, other people and a wooden table can be seen, though they are out of focus.
Messages from known contacts can be dangerous if their WhatsApp account has been compromised. Photo: Getty Images
Share article

June 24, 2026, 10:44 am | Read time: 3 minutes

Anyone receiving a file via WhatsApp from a seemingly familiar contact should be particularly cautious at the moment. Attackers are sending malicious file attachments through already compromised WhatsApp accounts. Since the messages come from real contacts, recipients are especially likely to open the attachment.

According to security experts from the company Kaspersky, the perpetrators are using documents that appear convincingly real. The file names resemble typical business documents such as invoices, account statements, payment receipts, or reminders. Notably, the files are named in multiple languages, including German, English, French, and Portuguese. This suggests a broad campaign that could also affect European users.

The sent attachments are often script files that can automatically execute malicious code when opened. The attackers disguise these files as ordinary documents to entice as many users as possible to click on them.

Malware Enables Remote Access

According to Kaspersky’s “Global Research and Analysis Team” (GReAT), malware can be installed on the affected system if such a malicious attachment is opened. The malware downloads additional components from the internet and eventually installs remote maintenance software on the system. This allows attackers to gain permanent access to the computer. These tools are typically used for IT support and system administration. However, criminals can misuse this function to gain access to banking tools or private documents.

Also of interest: WhatsApp introduces self-deleting messages

The criminals deliberately exploit the trust of their victims. The messages come from real contacts, making the attachments appear harmless at first glance. After all, few people expect to receive malware from a friend or colleague. Since the malware is executed using a Windows script, Kaspersky’s warning is primarily directed at Windows users. However, other operating systems on PCs and smartphones are also vulnerable.

What Users Should Watch Out For

Kaspersky advises being generally cautious with file attachments in WhatsApp at present, even if they come from friends, colleagues, or family members. Unexpected attachments should not be opened hastily. Special caution is advised with attachments having file extensions like .vbs, .js, .scr, or .bat. If unsure, it’s best to quickly check through another means. This can quickly clarify whether the file genuinely comes from the sender or if criminals might be behind it.

In addition to a healthy dose of skepticism toward unexpected attachments, it is also advisable to regularly update Windows and the installed security software. Security updates can help mitigate the consequences of successful attacks and close known vulnerabilities.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.