By Jessica Lyons
Publication Date: 2026-03-31 21:18:00
Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to control victims’ machines and access all of their data.
The campaign began in late February, we’re told, and the attack chain starts with a WhatsApp message that delivers malicious Visual Basic Script (VBS) files. We’re not sure exactly how the social engineering part of the scam works – we’ve asked Redmond for additional details and will update this story if we receive any.
The Register also reached out to Meta-owned WhatsApp for comment and did not hear back.
But somehow the attacker tricks the message recipient into executing the malicious file on their system. They likely do this using a compromised WhatsApp session so that the message appears to come from one of the victim’s existing contacts. Or they blast users with a lure…