Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Summary

Microsoft has identified a new campaign where threat actors are using WhatsApp to deliver malicious Visual Basic Script (VBS) files. These scripts initiate a multi-stage infection chain designed to establish persistence and gain remote access to Windows systems, potentially by bypassing User Account Control (UAC).

IFF Assessment

FOE

The use of popular messaging platforms like WhatsApp to distribute malware that bypasses security features like UAC is a significant threat to defenders.

Defender Context

Defenders should be aware of the increasing use of legitimate communication channels for malware delivery and educate users about the risks of opening attachments or clicking links from unexpected sources. Monitoring for VBS scripts and suspicious UAC bypass attempts can help detect and prevent these types of attacks.
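One way to operationalise the monitoring point above, as an added example that is not from the Microsoft report: a small Python check over process-creation telemetry that flags a Windows script host running a `.vbs` file that either lives under a WhatsApp folder or was launched with WhatsApp as its parent process. The event field names (`Image`, `CommandLine`, `ParentImage`, `User`), the folder-name heuristic and the sample events are assumptions constructed for this illustration.

```python
import ntpath
import re

# Windows script hosts that execute .vbs files
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Matches a quoted or unquoted path ending in .vbs on the command line
VBS_RE = re.compile(r'"([^"]*\.vbs)"|(\S+\.vbs)', re.IGNORECASE)


def flag_whatsapp_vbs(events):
    """Return findings for script-host launches of .vbs files tied to WhatsApp.

    Each event is a dict in a Sysmon-like process-creation shape (assumption).
    """
    hits = []
    for ev in events:
        image = ntpath.basename(ev.get("Image", "")).lower()
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        match = VBS_RE.search(ev.get("CommandLine", ""))
        if image not in SCRIPT_HOSTS or not match:
            continue  # not a script host, or no .vbs argument
        script = match.group(1) or match.group(2)
        parts = ntpath.normpath(script).lower().split("\\")
        reasons = []
        if "whatsapp" in parts:  # folder-name heuristic, an assumption
            reasons.append("script path under a WhatsApp folder")
        if parent == "whatsapp.exe":
            reasons.append("parent process is WhatsApp.exe")
        if reasons:
            hits.append({"user": ev.get("User", "?"), "script": script, "reasons": reasons})
    return hits


# Constructed sample events (not real telemetry)
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\WhatsApp\invoice.vbs"',
     "User": "CORP\\alice"},
    {"Image": r"C:\Windows\System32\wscript.exe", "ParentImage": r"C:\Program Files\WhatsApp\WhatsApp.exe",
     "CommandLine": r"wscript.exe C:\Users\alice\Desktop\report.vbs", "User": "CORP\\alice"},
    {"Image": r"C:\Windows\System32\cscript.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cscript.exe C:\Scripts\backup.vbs", "User": "CORP\\svc_backup"},
]

if __name__ == "__main__":
    for hit in flag_whatsapp_vbs(SAMPLE_EVENTS):
        print(hit)
```

Only the first two sample events are flagged; the scheduled `cscript.exe` backup job is left alone because neither its path nor its parent involves WhatsApp.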