Malware & Ransomware · Severity: HIGH

WhatsApp-Delivered VBS Malware Hijacks Windows via UAC Bypass

Source: The Hacker News
Tags: WhatsApp, VBS, Microsoft, malware, UAC bypass

Basically, malware is being sent through WhatsApp messages to take control of Windows computers.

Quick Summary

Microsoft warns of a new malware campaign using WhatsApp to distribute malicious VBS files. Windows users are at risk as attackers gain remote access and escalate privileges. Stay vigilant and avoid executing unknown scripts.

What Happened

Microsoft has issued a warning about a new malware campaign that utilizes WhatsApp to distribute malicious Visual Basic Script (VBS) files. This campaign started in late February 2026 and employs a multi-stage infection chain. The goal is to establish persistence on compromised systems and enable remote access for attackers. The exact methods used to lure victims into executing these scripts remain unclear, but the tactics involve social engineering and stealth techniques.

The attackers distribute VBS files disguised as legitimate content through WhatsApp messages. When users execute these files, the malware creates hidden folders in the system and drops renamed versions of legitimate Windows utilities. This clever disguise helps the malware blend into normal system activity, making detection more difficult.

Who's Being Targeted

The campaign targets Windows users who may receive seemingly innocuous messages via WhatsApp. By leveraging a trusted messaging platform, the attackers increase the likelihood of users falling for the deception. Victims unwittingly execute the malicious scripts, leading to a compromise of their systems.

Once the malware is executed, it begins a series of actions aimed at establishing control over the victim's computer. The use of social engineering tactics makes this campaign particularly dangerous, as it preys on users' trust in familiar communication tools.

Signs of Infection

Indicators of infection include unexpected behavior on Windows systems, such as hidden folders in the ProgramData directory or renamed copies of system utilities. The malware modifies User Account Control (UAC) settings and then attempts to launch command-line interfaces with elevated privileges. Users may notice unusual system activity or experience difficulties with UAC prompts.

To further complicate matters, the malware downloads additional payloads from trusted cloud services, so the download traffic blends in with legitimate activity and the attackers can maintain a low profile. If users notice any strange behavior on their systems, they should investigate further.

How to Protect Yourself

To safeguard against this type of malware, users should be cautious about unsolicited messages on messaging platforms like WhatsApp. Avoid executing files or scripts from unknown sources. Keeping antivirus software updated can help detect and block malware before it can cause harm.

Additionally, users should regularly review their system settings and be vigilant about any changes to UAC configurations. If you suspect your system has been compromised, disconnect from the internet and seek professional help to remove the malware and secure your data. Staying informed about the latest cybersecurity threats is crucial in today's digital landscape.
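The indicators listed under "Signs of Infection" and the advice above to review UAC configuration can be turned into a read-only host triage script. The following PowerShell is an added example written for this summary; it is not code from The Hacker News article or from Microsoft's advisory. It checks the standard UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), lists recently created hidden folders under ProgramData, and flags executables whose version resource names a different original Microsoft binary than the file on disk. The 30-day window and the Microsoft-only filter are assumed triage thresholds, not values from the article.

```powershell
# Added example (not from the article or Microsoft's advisory): read-only
# triage for the indicators described above. Run from an elevated session;
# nothing on the host is modified.

function Get-UacPolicyFindings {
    # Standard UAC policy values live under the Policies\System key.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key -ErrorAction Stop
    $findings = @()
    if ($uac.EnableLUA -ne 1) {
        $findings += "UAC is disabled (EnableLUA=$($uac.EnableLUA))"
    }
    if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators elevate without any prompt (ConsentPromptBehaviorAdmin=0)'
    }
    if ($uac.PromptOnSecureDesktop -ne 1) {
        $findings += "UAC prompts are not shown on the secure desktop (PromptOnSecureDesktop=$($uac.PromptOnSecureDesktop))"
    }
    return $findings
}

function Get-HiddenProgramDataFolders {
    # Assumption: 30 days is an arbitrary "recent" window; tune it per environment.
    param([int]$DaysBack = 30)
    $cutoff = (Get-Date).AddDays(-$DaysBack)
    # -Force is required, otherwise hidden directories are not enumerated at all.
    Get-ChildItem -Path $env:ProgramData -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and ($_.CreationTime -gt $cutoff)
        } |
        Select-Object FullName, CreationTime, Attributes
}

function Get-RenamedMicrosoftBinaries {
    # A legitimate Windows utility copied under a new name keeps its version
    # resource, so OriginalFilename no longer matches the on-disk name.
    # String comparison with -ne is case-insensitive, so "Cmd.Exe" vs "cmd.exe" is not flagged.
    Get-ChildItem -Path $env:ProgramData -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            if ($vi.OriginalFilename -and ($vi.CompanyName -like '*Microsoft*') -and
                ($vi.OriginalFilename -ne $_.Name)) {
                [pscustomobject]@{
                    Path             = $_.FullName
                    OriginalFilename = $vi.OriginalFilename
                    CreationTime     = $_.CreationTime
                    Signature        = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                }
            }
        }
}

function Invoke-WhatsAppVbsTriage {
    # Collects all three checks into one object so the result can be exported
    # (for example with Export-Clixml) and compared against a known-clean host.
    [pscustomobject]@{
        UacFindings         = @(Get-UacPolicyFindings)
        RecentHiddenFolders = @(Get-HiddenProgramDataFolders)
        RenamedBinaries     = @(Get-RenamedMicrosoftBinaries)
    }
}

$result = Invoke-WhatsAppVbsTriage
$result.UacFindings | ForEach-Object { Write-Warning $_ }
$result.RecentHiddenFolders | Format-Table -AutoSize
$result.RenamedBinaries | Format-Table -AutoSize
```

Everything the script returns is a review candidate, not a verdict: several hidden folders exist legitimately under ProgramData, and some vendor installers also drop signed Microsoft components there. Compare the output with the same script run on a known-clean build of the same image, and treat a valid signature on a renamed utility as expected (the binary is genuine; it is the location and the new name that matter).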

🔒 Pro insight: This campaign exemplifies the increasing sophistication of social engineering attacks, leveraging trusted platforms to bypass traditional security measures.
