A recent Microsoft security alert describes a malicious campaign that uses WhatsApp messages to deliver harmful Visual Basic Script (VBS) files to unsuspecting Windows users.
The campaign, which began in late February 2026, uses these VBS files to start a complex, multi-stage infection chain. The chain is designed to achieve persistence on the compromised system and enable remote access, potentially giving threat actors control over the infected device.
According to Microsoft, the specifics of the lures used by threat actors to deceive users into executing the malicious scripts are currently unknown. However, the use of WhatsApp as a delivery mechanism highlights the evolving nature of cyber threats, where attackers are increasingly exploiting popular messaging platforms to distribute malware.
The campaign involves a UAC (User Account Control) bypass, which suggests that the attackers are leveraging vulnerabilities or exploits to circumvent Windows security features. This could involve known vulnerabilities such as CVE-2021-1640 or similar flaws, although specific details on the vulnerabilities exploited in this campaign are not provided.
Windows users are advised to exercise extreme caution when interacting with messages or files received via WhatsApp or any other messaging platform, especially if they contain links or attachments that prompt the execution of scripts or the installation of software.
