Signal

Microsoft warns of WhatsApp-delivered malware campaign targeting Windows users

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-03-31 13:43 UTCUpdated 2026-04-01 14:27 UTC

rss

malwareexploitsincident_responsesecurity_advisory

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Malwarebytes Threat Analysis · News · malwarebytes.com · 2026-04-01 14:27 UTC

The Hacker News · News · thehackernews.com · 2026-04-01 11:49 UTC

CSO Online · News · csoonline.com · 2026-04-01 11:19 UTC

The Register Security · News · go.theregister.com · 2026-03-31 21:18 UTC

Overview

Microsoft has identified a malware campaign distributing malicious Visual Basic Script (VBS) files via WhatsApp messages to Windows users.

Entities

MicrosoftMeta

Score total

1.35

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

The campaign has been active since late February 2026 and is currently ongoing.
Microsoft recently issued warnings highlighting the threat and infection methods.
The use of living-off-the-land techniques makes detection and mitigation more challenging.

Why it matters

The campaign exploits trusted platforms and legitimate tools to evade detection and maintain persistence.
Users of WhatsApp desktop apps are at risk of remote compromise through social engineering.
Awareness and caution with WhatsApp attachments can prevent infection and data breaches.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

WhatsApp messages are used to deliver malicious VBS files that lead to persistent malware infections on Windows devices.
The malware campaign uses social engineering and living-off-the-land techniques to evade detection and maintain control.

How sources frame it