Microsoft has issued a warning regarding a new malicious campaign that utilizes WhatsApp messages to spread Visual Basic Script (VBS) files, which are used to initiate a complex, multi-stage infection process.
The campaign, which started in late February 2026, aims to establish persistence on the target system and enable remote access, thereby allowing threat actors to exert control over the compromised device.
Although the specific lures used by the attackers to deceive users into executing the malicious scripts are currently unknown, the use of social engineering tactics, such as phishing or masquerading as legitimate entities, is suspected.
The fact that this malware can bypass User Account Control (UAC) is particularly concerning, as it allows the attackers to gain elevated privileges on the system without the user’s knowledge or consent.
As the threat landscape continues to evolve, it is essential for users to remain vigilant and cautious when interacting with messages or files received from unknown sources, especially those that prompt the execution of scripts or the installation of software.
By staying informed about the latest security threats and adopting best practices, such as verifying the authenticity of messages and being wary of unsolicited attachments, users can significantly reduce the risk of falling victim to such attacks.
Source: Original Article
