Microsoft has identified a new malware campaign that leverages WhatsApp messages to distribute malicious Visual Basic Script (VBS) files targeting Windows systems. The threat uses these scripts to initiate a multi-stage infection chain designed to establish persistence and enable remote access to compromised machines.
The campaign was first observed in late February 2026, according to Microsoft's security researchers. The attack appears to exploit user account control (UAC) bypass techniques to gain elevated privileges on infected Windows systems, though the specific technical details of the bypass method have not been disclosed.