security: WhatsApp malware campaign delivers VBS payloads and MSI backdoors
Microsoft Security Blog
2026-03-31
Microsoft describes a malware campaign distributed through WhatsApp messages that uses VBS scripts to start a multi-stage infection chain. The attackers use renamed Windows tools and cloud-hosted payloads to deploy MSI backdoors and keep persistent access on infected systems.