A recently discovered malware campaign has been using WhatsApp messages to distribute malicious Visual Basic Script (VBS) files, according to a warning from Microsoft.
The campaign, which started in late February 2026, uses these VBS scripts to start a complex, multi-stage infection chain that lets the attackers establish persistence on the compromised system and gain remote access to it.
The specific social engineering tactics used by the threat actors to trick users into opening the malicious VBS files are currently unknown. However, once executed, the scripts can bypass User Account Control (UAC) on Windows systems, allowing them to operate with elevated privileges.
The UAC bypass technique is particularly concerning, as it enables the malware to perform actions that would normally require administrator approval, without prompting the user for consent. This could include installing additional malware, modifying system settings, or exfiltrating sensitive data.
Microsoft’s warning highlights the growing threat of malware distribution via messaging apps like WhatsApp. As these platforms become increasingly popular, they also become more attractive to cybercriminals as a channel for spreading malicious software.
