Microsoft warns of malware campaign via WhatsApp


A new malware campaign is spreading via WhatsApp through fake messages containing malicious attachments. Microsoft warns that attackers are using VBS scripts and MSI files to take over systems and install backdoors.

Cybercriminals are increasingly using popular communication channels like WhatsApp to reach victims. The recent campaign analyzed by Microsoft Security Intelligence shows that attackers are successfully exploiting users’ trust in this messaging app. By sending convincing but fake messages with harmful attachments, they attempt to gain access to corporate and personal systems.

The campaign uses various techniques to avoid detection and maximize impact. Companies and individuals are urged to be extra vigilant regarding suspicious WhatsApp messages, especially when they contain unexpected attachments.

Spread via WhatsApp

The attackers send messages in the name of contacts or companies, often using a pretext or an urgent request to prompt the recipient to open the attachment. The attachments are VBS scripts or MSI installation files that, once run, download and execute further malicious code. According to Microsoft, this approach reaches a wide audience, from individual users to corporate networks.


The VBS payloads are used to download additional malware, while the MSI files serve as backdoors through which attackers gain access to the infected system. The campaign stands out for its use of legitimate-looking filenames and the misuse of well-known brands and contacts to win the trust of victims.

Risks and defense

Once executed, the scripts can steal sensitive information, install additional malware, or make systems part of a larger botnet. Microsoft advises organizations to train users in recognizing suspicious messages and not to open unknown attachments, even if they appear to come from trusted contacts.

In addition, Microsoft advises keeping endpoint security and email filters up to date. Proactively responding to suspicious activity and monitoring unusual network traffic are crucial to preventing further spread.
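As an added illustration of the monitoring Microsoft recommends (this is example code written for this article, not Microsoft's or WhatsApp's), the following checks process-creation records for the pattern the campaign relies on: a Windows script host running a .vbs, or msiexec running a .msi, where the file sits in a user download location or the parent process is a messaging client. The record format, the WhatsApp Desktop path and the sample events are constructed assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed, flattened process-creation records in the spirit of Sysmon
# Event ID 1 (ParentImage / Image / CommandLine). Made up for this example,
# not real telemetry; the WhatsApp Desktop install path is assumed.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Users\\alice\\AppData\\Local\\WhatsApp\\WhatsApp.exe|"
    "Image=C:\\Windows\\System32\\wscript.exe|"
    "CommandLine=wscript.exe \"C:\\Users\\alice\\Downloads\\Invoice_2024.vbs\"",
    "ParentImage=C:\\Windows\\explorer.exe|"
    "Image=C:\\Windows\\System32\\msiexec.exe|"
    "CommandLine=msiexec.exe /i \"C:\\Users\\alice\\Downloads\\WhatsApp\\Update.msi\" /qn",
    "ParentImage=C:\\Windows\\explorer.exe|"
    "Image=C:\\Windows\\System32\\msiexec.exe|"
    "CommandLine=msiexec.exe /i \"C:\\ProgramData\\Vendor\\agent.msi\" /qn",
    "ParentImage=C:\\Windows\\System32\\svchost.exe|"
    "Image=C:\\Windows\\System32\\cscript.exe|"
    "CommandLine=cscript.exe C:\\Windows\\System32\\slmgr.vbs /dlv",
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
INSTALLER = "msiexec.exe"
# Locations where a chat or browser download typically lands (user-writable).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData|Desktop)\\", re.I)
# Parent processes that indicate "opened straight from the chat client".
MESSAGING_CLIENTS = re.compile(r"\\(WhatsApp|Telegram|Signal)\.exe$", re.I)

def parse_event(line: str) -> Dict[str, str]:
    """Split 'key=value|key=value' into a dict; values may contain spaces and quotes."""
    return dict(part.split("=", 1) for part in line.split("|"))

def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string when the event matches the VBS/MSI-from-chat pattern."""
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    cmd = event["CommandLine"]
    if image in SCRIPT_HOSTS:
        match = re.search(r'"?([^"\s]+\.vbs)"?', cmd, re.I)
    elif image == INSTALLER:
        match = re.search(r'"?([^"\s]+\.msi)"?', cmd, re.I)
    else:
        return None
    if not match:
        return None
    payload = match.group(1)
    if MESSAGING_CLIENTS.search(event["ParentImage"]):
        return f"{image} launched from messaging client: {payload}"
    if USER_WRITABLE.search(payload):
        return f"{image} running user-downloaded file: {payload}"
    return None  # system-owned paths such as slmgr.vbs under System32 are left alone

def find_suspicious(lines: List[str]) -> List[str]:
    return [r for r in (classify(parse_event(line)) for line in lines) if r]
```

Legitimate installers under ProgramData and built-in scripts under System32 pass through; only the two user-download cases are flagged, which is the triage list an analyst would then inspect.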