The most dangerous file in this campaign is one your security team probably trusts. Attackers are pushing a fake invoice through WhatsApp, and the program it eventually installs is ManageEngine Endpoint Central, a real commercial tool that IT teams buy to manage fleets of machines. It is signed. It has a vendor reputation. Your endpoint agent lets it run. The person who opened the file is not infected in the way most people picture it. They have been quietly enrolled into a remote-management console that someone else controls, with the reach of a help-desk administrator.
The campaign was reported by BleepingComputer and analyzed by Kaspersky's Securelist team, and the interesting part is not the malware. It is that there barely is any.
What the researchers actually found
Kaspersky documented an active campaign as of June 22, 2026 that spreads through hijacked WhatsApp accounts. A compromised contact sends a script file with a finance lure name, things like an outstanding-payment list or a statement of debt, localized into Portuguese, French, German, or Malay, with no message text attached. The file is a .vbs script.
Opening it writes a hidden working folder under C:\Users\Public\Documents\, downloads two more scripts from servers the attacker runs, rewrites registry keys to switch off Windows User Account Control prompts, and then silently installs the ManageEngine agent and points it at the attacker's management servers. Most confirmed victims are in Malaysia, roughly 80 percent of the cases, with the rest spread across Brazil, India, Mexico, Singapore, the United Kingdom, Spain, Taiwan, Australia, Russia, and Vietnam. Kaspersky ties one server, 202.61.160.201, to earlier ValleyRAT and Gh0st RAT activity, and reads simplified-Chinese code comments as a low-confidence sign of a Chinese-speaking operator.
Why your endpoint tooling waves it through
The detection problem here is not stealth. It is legitimacy. ManageEngine Endpoint Central is software organizations buy on purpose. The installer and the agent are signed by a known vendor, and reputation systems treat them as clean because, in almost every other context, they are clean. An allowlist that trusts signed software from established vendors is doing exactly what it was configured to do.
That is the gap attackers are walking through. The same logic powers a wider shift we have written about before: evasion tooling is now sold as a finished product, and the cleaner a binary looks on paper, the less your signature and reputation layers have to say about it. Reputation-based defense assumes bad software looks bad. A purchased admin tool does not.
You were not infected. You were enrolled.
The better way to think about this is enrollment, not infection. Once the agent registers with the attacker's management server, the attacker holds the console side of an enterprise management tool aimed at the victim's machine. That is not a stealer that drops a payload and leaves. It is a standing capability: push any software package, run commands, pull files, at whatever privilege the agent holds, which on a managed endpoint is usually SYSTEM.
Picture a second IT department that onboarded your laptop without telling you, and answers to someone hostile. The closest pattern in our coverage is the connected app that handed over Salesforce data while the platform itself was never breached. The damage did not come from a hole in the product. It came from a legitimate integration doing legitimate things for the wrong owner. Remote-management abuse is the endpoint version of that, and it is worse, because the capability it grants is total.
WhatsApp is the new malicious attachment
Delivery matters as much as payload. The lure never touches corporate email, so the email gateway, the attachment sandbox, and the link rewriter, the controls most organizations spent the most on, never get a look at it. WhatsApp running on a work phone or a desktop client is a side door around the entire mail-security stack.
The self-spreading design makes it sharper. Every account it takes over becomes a trusted sender to that person's own contacts, so the next victim receives the lure from someone they actually know and have talked to before. We saw the same trust-laundering logic when command traffic was hidden inside Microsoft Teams relays and network sensors saw a clean call. Move the delivery onto a channel the security stack does not inspect, wrap it in a relationship the target already trusts, and the perimeter has nothing to catch.
What to detect and harden
Treat the legitimate agent as the indicator, because it is the whole attack. The detections that matter here are about context and behavior, not signatures.
- Hunt for remote-management agents nobody deployed. An Endpoint Central agent, or any remote-monitoring tool, appearing on a host your team did not enroll and beaconing to a management server outside your own, is the single highest-signal indicator in this campaign. Map it to ATT&CK technique T1219, Remote Access Software.
- Alert on User Account Control tampering. The scripts rewrite EnableLUA and the consent-prompt policy values to disable elevation prompts, and they do it in a loop. Repeated writes to those HKLM policy keys are something normal software never does. Make it a detection, not a log line. (ATT&CK T1548.002.)
- Flag script-host download chains. wscript.exe or cscript.exe running a .vbs out of C:\Users\Public\Documents\ and then reaching out to the internet is the early link here. (ATT&CK T1059.005.)
- Block and hunt the known infrastructure. Deny 202.61.160.201 and search historic logs for prior connections to it.
- Shrink the attack surface. Disable Windows Script Host on endpoints that have no need for it, and use application control to deny remote-management tools you have not sanctioned. If you do run ManageEngine yourself, pin the allowed management-server addresses so a rogue enrollment stands out instead of blending in.
- Extend attachment hygiene to chat. Tell staff to treat an unexpected file from a known WhatsApp contact the way they would an unexpected email attachment: verify out of band before opening, because the account may be the one that was hijacked.
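As an added example, not code from the original article or from Kaspersky's research, the script below turns the four telemetry-based detections above into a small hunt over constructed Sysmon-style events (process create, network connect, registry value set). The agent binary name agent.exe, the internal management server 10.20.0.5, the hostnames, the hidden-folder name and the timestamps are assumed placeholders; 202.61.160.201 is the server named in the article, and ConsentPromptBehaviorAdmin and ConsentPromptBehaviorUser are the standard Windows UAC consent-prompt policy values the UAC-tampering item refers to.

```python
"""Hunt for rogue remote-management enrollment over constructed endpoint events."""
from collections import defaultdict
from datetime import datetime, timedelta

# UAC policy location and the values the campaign's scripts rewrite.
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
PUBLIC_DOCS = "c:\\users\\public\\documents\\"
KNOWN_BAD = {"202.61.160.201"}            # infrastructure named in the report
RMM_IMAGES = {"agent.exe"}                # assumed agent binary name (placeholder)
ALLOWED_MGMT_SERVERS = {"10.20.0.5"}      # your own pinned management server (constructed)

# Constructed sample events, not real telemetry. "id" mirrors Sysmon event IDs:
# 1 = process create, 3 = network connection, 13 = registry value set.
AGENT = r"C:\Program Files\ManageEngine\Agent\agent.exe"   # placeholder path
EVENTS = [
    {"ts": "2026-06-22T09:00:01", "id": 1, "host": "ws-17", "pid": 4120,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\Public\Documents\wk\list.vbs"'},
    {"ts": "2026-06-22T09:00:03", "id": 3, "host": "ws-17", "pid": 4120,
     "image": r"C:\Windows\System32\wscript.exe", "dst": "203.0.113.9"},
    {"ts": "2026-06-22T09:00:05", "id": 13, "host": "ws-17", "pid": 4120,
     "key": UAC_KEY, "value": "EnableLUA"},
    {"ts": "2026-06-22T09:00:05", "id": 13, "host": "ws-17", "pid": 4120,
     "key": UAC_KEY, "value": "ConsentPromptBehaviorAdmin"},
    {"ts": "2026-06-22T09:00:15", "id": 13, "host": "ws-17", "pid": 4120,
     "key": UAC_KEY, "value": "EnableLUA"},
    {"ts": "2026-06-22T09:00:15", "id": 13, "host": "ws-17", "pid": 4120,
     "key": UAC_KEY, "value": "ConsentPromptBehaviorAdmin"},
    {"ts": "2026-06-22T09:01:00", "id": 3, "host": "ws-17", "pid": 5300,
     "image": AGENT, "dst": "203.0.113.9"},
    {"ts": "2026-06-22T09:02:00", "id": 3, "host": "ws-17", "pid": 5300,
     "image": AGENT, "dst": "202.61.160.201"},
    # Benign host: sanctioned agent, admin script outside Public\Documents, one GPO write.
    {"ts": "2026-06-22T09:00:10", "id": 3, "host": "ws-02", "pid": 2210,
     "image": AGENT, "dst": "10.20.0.5"},
    {"ts": "2026-06-22T09:00:11", "id": 1, "host": "ws-02", "pid": 2300,
     "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r"cscript.exe C:\ProgramData\Scripts\inventory.vbs"},
    {"ts": "2026-06-22T09:00:12", "id": 3, "host": "ws-02", "pid": 2300,
     "image": r"C:\Windows\System32\cscript.exe", "dst": "10.20.0.9"},
    {"ts": "2026-06-22T09:00:13", "id": 13, "host": "ws-02", "pid": 1100,
     "key": UAC_KEY, "value": "EnableLUA"},
]


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def uac_tamper_loops(events, window=timedelta(seconds=60), threshold=3):
    """(host, pid) pairs that set UAC policy values `threshold` or more times
    within `window`. One write can be setup or GPO activity; a loop cannot."""
    writes = defaultdict(list)
    for e in events:
        if e["id"] == 13 and e["key"].lower() == UAC_KEY.lower() and e["value"] in UAC_VALUES:
            writes[(e["host"], e["pid"])].append(_ts(e))
    hits = []
    for key, times in writes.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits.append(key)
                break
    return hits


def script_host_download_chains(events):
    """Script host launched on a .vbs under Public\\Documents, then the same
    process opens a network connection."""
    launched, chains = set(), []
    for e in sorted(events, key=_ts):
        if e["id"] == 1 and _basename(e["image"]) in SCRIPT_HOSTS:
            cmd = e["cmdline"].lower()
            if ".vbs" in cmd and PUBLIC_DOCS in cmd:
                launched.add((e["host"], e["pid"]))
        elif e["id"] == 3 and (e["host"], e["pid"]) in launched:
            chains.append((e["host"], e["pid"], e["dst"]))
    return chains


def known_bad_connections(events, blocklist=KNOWN_BAD):
    """Any process talking to the infrastructure named in the report."""
    return [(e["host"], e["image"], e["dst"])
            for e in events if e["id"] == 3 and e["dst"] in blocklist]


def rogue_rmm_enrollments(events, agent_images=RMM_IMAGES, allowed=ALLOWED_MGMT_SERVERS):
    """Remote-management agent beaconing anywhere except the pinned servers."""
    return [(e["host"], e["dst"]) for e in events
            if e["id"] == 3 and _basename(e["image"]) in agent_images and e["dst"] not in allowed]


def hunt(events=EVENTS):
    """Run every detection and return the findings keyed by the list item above."""
    return {
        "rogue_rmm": rogue_rmm_enrollments(events),
        "uac_loops": uac_tamper_loops(events),
        "script_chains": script_host_download_chains(events),
        "known_bad": known_bad_connections(events),
    }


if __name__ == "__main__":
    for name, findings in hunt().items():
        print(f"{name}: {findings}")
```

In a real environment the agent-image set and the pinned server list are the two inputs worth maintaining: the first names every remote-management tool you have sanctioned, the second names where it is allowed to talk, and anything outside both is an enrollment you did not authorize.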
Remote-management abuse is not a one-off trick but a durable move, and it will keep working as long as defenders treat trusted software as a thing to allowlist rather than an event to authorize. The fix is a mindset shift more than a product: a management agent enrolling your endpoint is an action that should require a decision, and anything that enrolls itself is, by definition, the alarm.