Microsoft Warns of WhatsApp-Delivered Malicious VBS Files

Microsoft has identified a campaign distributing malicious Visual Basic Script (VBS) files via WhatsApp messages, beginning in late February 2026. The attack employs a multi-stage infection chain to achieve persistence and enable remote access on Windows systems, leveraging a User Account Control (UAC) bypass technique. The threat actors’ methods for tricking users into executing the malware remain unknown. No specific lures, attribution details, or CVE identifiers were disclosed in the report. The primary impact involves unauthorized system access and potential data compromise.