Microsoft Alerts Users to WhatsApp-Delivered VBS Malware Threat with UAC Bypass Capabilities

Microsoft has issued a warning regarding a new malicious campaign that utilizes WhatsApp messages to distribute Visual Basic Script (VBS) files, which are then used to initiate a multi-stage infection chain.

The campaign, which began in late February 2026, aims to establish persistence and enable remote access to compromised Windows systems, allowing threat actors to gain control over the infected devices.

The infection chain involves the use of VBS scripts to bypass User Account Control (UAC) and gain elevated privileges, highlighting the severity of the vulnerability.

Although the specific lures used by threat actors to trick users into downloading and executing the malicious VBS files are currently unknown, it is essential for users to exercise caution when interacting with WhatsApp messages from unfamiliar sources.

To protect themselves from such threats, users should be cautious when clicking on links or downloading attachments from unknown sources, and ensure their systems and security software are up-to-date with the latest patches and updates.

Source: Original Article

Press ESC to close

Share Article:

Tarang Parmar

Ukraine’s CERT-UA Impersonated in Malicious Campaign Spreading AGEWHEEZE Malware to Over 1 Million Emails

The Evolution of Enterprise Security: Moving Beyond ‘Doctor No’