Microsoft has flagged a new malware campaign spreading through WhatsApp. Attackers use simple tricks and trusted system tools to gain access to users’ devices. The company said the method relies more on human error than technical loopholes, making it difficult to detect early.
Investigators tracking the activity reported that the campaign is circulating through chat messages that appear harmless and often slip past suspicion.
The breach starts with a Visual Basic Script (VBS) file shared over WhatsApp. Once opened, the file begins a chain of actions in the background.
The script does not behave like traditional malware. Instead, it uses Windows tools to download additional components while avoiding suspicion.
This technique ensures the malware’s operations appear normal, making it difficult for the traditional antivirus software to recognize it.
Once within the system, the malware connects to remote servers hosted on cloud platforms. It fetches instructions and installs additional components that help attackers stay connected for longer periods.
Researchers said this method ensures persistence. Though some of this activity may be detected, other processes can still remain functional. It is more difficult to track and shut down this activity as it relies on cloud infrastructure.
Also Read: Cybersecurity Arms Race: Microsoft vs. Hackers in 2026
Microsoft has warned users to avoid opening unexpected files, even if they are sent by familiar people. Experts have also advised them to check before downloading and to update devices regularly.
They also emphasized that attackers are exploiting the trust users tend to have in the source of the message. The warning highlights a growing pattern where attackers use everyday platforms to spread malware.
Messaging apps have become central to communication, and that makes them an easy target. The latest alert emphasizes a simple point: a cautious click can prevent a compromise in digital privacy.