WhatsApp Spies: New VBS Malware Threat Hijacks Windows via UAC Bypass – What You Need to Know

Published under Technology

Microsoft has just issued a warning about a fresh cyber‑attack that uses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files. The campaign, active since late February 2026, is a textbook example of how social engineering, scripting, and privilege escalation can combine to compromise Windows systems.

  • WhatsApp as a delivery vector – Attackers are embedding .vbs attachments in seemingly innocent WhatsApp chats. Once a user opens the file, the script initiates a multi‑stage infection.
  • UAC bypass and persistence – The VBS payload includes code that tricks Windows into granting elevated rights, bypassing the User Account Control (UAC) prompt. It then installs backdoors that allow the threat actor to maintain long‑term access and launch remote sessions.
  • Mitigations – Disable the execution of VBS files on endpoints, use application control policies to block unknown scripts, verify any attachment before opening, and monitor for unusual UAC prompts or new admin‑level processes.
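
The monitoring advice in the last bullet can be expressed as detection logic over Windows process-creation events (Security event 4688): flag any process that runs with a full elevated token and descends from a script host that was started on a .vbs file. This is an added example, not code from Microsoft's advisory or the source article; the event records, PIDs and file names are constructed, and the function name is hypothetical.

```python
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
ELEVATED = "%%1937"  # TokenElevationTypeFull: process runs with a full admin token
VBS_ARG = re.compile(r'"[^"]+\.vbs"|[^\s"]+\.vbs\b', re.IGNORECASE)

# Constructed sample events in time order; field names follow Security event 4688.
# ProcessId is the creator (parent) PID, NewProcessId the PID of the new process.
SAMPLE_EVENTS = [
    {"NewProcessId": "0x1a4", "ProcessId": "0x3e8", "TokenElevationType": "%%1938",
     "NewProcessName": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\alice\Downloads\invoice.vbs"'},
    {"NewProcessId": "0x2b0", "ProcessId": "0x1a4", "TokenElevationType": "%%1938",
     "NewProcessName": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"NewProcessId": "0x2f8", "ProcessId": "0x2b0", "TokenElevationType": "%%1937",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
    {"NewProcessId": "0x500", "ProcessId": "0x3e8", "TokenElevationType": "%%1937",
     "NewProcessName": r"C:\Windows\System32\mmc.exe", "CommandLine": "mmc.exe"},
    {"NewProcessId": "0x600", "ProcessId": "0x3e8", "TokenElevationType": "%%1938",
     "NewProcessName": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r"cscript.exe C:\Scripts\logon.vbs"},
]

def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()

def find_elevated_vbs_descendants(events):
    """Return elevated processes whose ancestry leads back to a VBS launch."""
    tainted = {}  # PID -> .vbs path that started the chain (PID reuse is ignored here)
    alerts = []
    for ev in events:
        name = image_name(ev["NewProcessName"])
        origin = tainted.get(ev["ProcessId"])       # inherit taint from the parent
        script = VBS_ARG.search(ev.get("CommandLine", ""))
        if origin is None and name in SCRIPT_HOSTS and script:
            origin = script.group(0).strip('"')     # new chain: script host running a .vbs
        if origin is None:
            continue                                # unrelated to any VBS launch
        tainted[ev["NewProcessId"]] = origin
        if ev.get("TokenElevationType") == ELEVATED:
            alerts.append({"pid": ev["NewProcessId"], "image": name, "script": origin})
    return alerts

if __name__ == "__main__":
    for alert in find_elevated_vbs_descendants(SAMPLE_EVENTS):
        print(alert)
```

The elevated mmc.exe started directly from the desktop shell is not reported, because it has no script host in its ancestry; only the elevated process under the .vbs chain is.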

Microsoft’s advisory emphasizes that the lure used by the threat actors is still under investigation. Until the exact social‑engineering tactics are known, the safest approach is to treat all unknown VBS attachments as high risk. Organizations should enforce strict whitelisting, educate users about phishing via messaging apps, and ensure that Windows updates and endpoint protection are fully up to date.

By staying vigilant against VBS threats delivered through unexpected channels like WhatsApp, you can protect your Windows environment from this sophisticated UAC bypass campaign. For more details, visit the source article.

https://thehackernews.com/2026/04/microsoft-warns-of-whatsapp-delivered.html
