A new wave of cyberattacks has emerged in which threat actors are leveraging the widespread popularity of WhatsApp to distribute malware targeting Microsoft Windows users. According to recent findings, attackers are sending carefully crafted messages that appear legitimate, often impersonating trusted individuals or organizations to trick victims into opening attached files. These attachments are typically disguised as harmless documents but contain malicious Visual Basic Script (VBS) files designed to initiate the infection process once executed.
Upon opening the file, the malware deploys a multi-stage attack chain that downloads additional payloads and silently installs them on the victim’s system. What makes this campaign particularly dangerous is its use of built-in Windows utilities, allowing the malicious activity to blend in with normal system operations and evade traditional security detection mechanisms. This technique enables attackers to maintain persistence, execute commands remotely, and potentially steal sensitive data without raising immediate suspicion.
Security researchers emphasize that the success of this attack heavily depends on social engineering tactics, exploiting user trust in familiar messaging platforms and known contacts. Because messages often appear to come from legitimate sources, users are more likely to interact with them, increasing the risk of compromise. Experts advise users to avoid opening unexpected attachments, verify the authenticity of messages, and keep their systems updated with the latest security patches. This campaign underscores the evolving nature of cyber threats and highlights the urgent need for stronger awareness and proactive cybersecurity practices in everyday digital communication.
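One way to hunt for the chain described above (a VBS attachment run by Windows Script Host, followed by built-in utilities) in process-creation telemetry; this is an added example, not code from the researchers' findings. Field names follow Sysmon process-creation events, while the folder list and every path, file name and child process in the sample are constructed assumptions.

```python
import re

# Windows Script Host binaries, the built-in interpreters that run .vbs files.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: user-writable folders where a saved attachment usually lands.
USER_PATH = re.compile(r"\\users\\[^\\]+\\(downloads|desktop|documents|appdata)\\", re.I)
VBS_ARG = re.compile(r'([a-z]:\\[^"]*?\.vbs)\b', re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_suspicious(events):
    """Scan chronologically ordered process-creation events; return alerts."""
    alerts, tainted = [], {}  # tainted: pid -> script that started the chain
    for ev in events:         # PID reuse is ignored in this example
        pid, ppid = ev["ProcessId"], ev["ParentProcessId"]
        image = basename(ev["Image"])
        if ppid in tainted:
            # Descendant of a flagged script host: a later stage of the chain.
            tainted[pid] = tainted[ppid]
            alerts.append(("child_of_flagged_script", pid, image))
        if image in SCRIPT_HOSTS:
            m = VBS_ARG.search(ev["CommandLine"])
            if m and USER_PATH.search(m.group(1)):
                tainted[pid] = m.group(1)
                alerts.append(("vbs_from_user_path", pid, m.group(1)))
    return alerts

def make_event(pid, ppid, image, cmdline):
    return {"ProcessId": pid, "ParentProcessId": ppid,
            "Image": image, "CommandLine": cmdline}

# Constructed sample events (not taken from the campaign).
SAMPLE = [
    make_event(4120, 1000, r"C:\Windows\System32\wscript.exe",
               r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\Invoice_2024.vbs"'),
    make_event(4200, 4120, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    make_event(4310, 4200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               "powershell.exe"),
    # Benign: a system script outside user folders must not be flagged.
    make_event(5000, 900, r"C:\Windows\System32\cscript.exe",
               r'"C:\Windows\System32\cscript.exe" "C:\Windows\System32\slmgr.vbs"'),
    make_event(5100, 1000, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE):
        print(alert)
```

Flagging every descendant of the script host, rather than a fixed list of utility names, keeps the rule useful when the later stages change.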