Malicious WhatsApp Skill with Base64 Encoded Reverse Shell Installation - ATR-2026-00223 (73754048-32b5-54eb-b2e4-81ef362f9314)
Detects a WhatsApp skill containing a malicious installation command that downloads and executes a reverse shell payload via base64-encoded command injection. The skill masquerades as a legitimate WhatsApp automation tool but includes instructions to decode and execute malicious shell commands from a suspicious IP address.