One careless click on a WhatsApp file could give attackers complete control
- Microsoft warns of a multi-stage malware campaign that delivers Visual Basic Script (.vbs) files through WhatsApp, exploiting the trust users place in familiar messaging platforms.
- Attackers stage the malware by hiding droppers in trusted cloud services like AWS S3, Tencent Cloud, and Backblaze B2 to disguise malicious downloads as legitimate network traffic.
- The malware renames legitimate Windows utilities and creates concealed folders to blend with normal operations and evade detection.
- Unsigned MSI installers are used in the final stage to provide persistent remote access and enable data theft.
- Microsoft recommends monitoring for repeated UAC tampering and the registry changes that accompany it, as a way to detect the campaign's activity.
- Security teams should restrict execution of script hosts (wscript.exe and cscript.exe, which run .vbs files) and watch for legitimate tools copied into or renamed within system paths, where they blend with normal operations.
- Microsoft highlights cloud-delivered protection and endpoint detection, stressing that a single careless click can still bypass these safeguards.
- Microsoft notes the approach is designed to reduce visibility by combining trusted cloud platforms with legitimate Windows tools.
- The campaign targets users through WhatsApp attachments, leveraging familiar messaging to conceal malicious intent.
- Authorities urge vigilance because cloud-based delivery can mimic normal network traffic and legitimate services.
- The campaign relies on living-off-the-land tactics to minimize detection while expanding control across devices.
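The checks the bullets above call for, as an added PowerShell hunting and hardening script that is not part of this summary or of Microsoft's published guidance. It assumes a Windows 10/11 host with PowerShell 5.1 or later and an elevated session; the UAC values under the Policies\System key and the Windows Script Host "Enabled" value are standard Windows settings, while the directory roots in $HuntRoots and the seven-day window are illustrative assumptions.

```powershell
<#
  Added hunting/hardening script for the campaign described above (not Microsoft's code).
  Assumptions: Windows 10/11, PowerShell 5.1+, run elevated; the directory roots and the
  7-day window are illustrative choices to adjust for your estate.
#>

# Directories where a dropper is likely to stage files (assumed).
$HuntRoots = @($env:ProgramData, $env:LOCALAPPDATA, $env:PUBLIC)

function Test-UacTampering {
    # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates without a prompt.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        Tampered                   = ($p.EnableLUA -ne 1) -or ($p.ConsentPromptBehaviorAdmin -eq 0)
    }
}

function Find-RenamedMicrosoftBinaries {
    # A Microsoft executable whose on-disk name differs from the OriginalFilename in its
    # version resource is a renamed copy of a legitimate utility (the "living off the land" stage).
    Get-ChildItem -Path $HuntRoots -Recurse -Force -File -Include *.exe -ErrorAction SilentlyContinue |
        Where-Object {
            $vi = $_.VersionInfo
            $vi.OriginalFilename -and
            $vi.CompanyName -like '*Microsoft*' -and
            ([IO.Path]::GetFileNameWithoutExtension($vi.OriginalFilename) -ne $_.BaseName)
        } |
        Select-Object FullName, @{ n = 'OriginalFilename'; e = { $_.VersionInfo.OriginalFilename } }
}

function Find-RecentHiddenFolders {
    # Concealed folders created recently in user-writable locations.
    param([int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $HuntRoots -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and ($_.CreationTime -gt $cutoff) } |
        Select-Object FullName, CreationTime
}

function Find-UnsignedMsi {
    # The final stage is an unsigned MSI; any signature status other than Valid is worth review.
    Get-ChildItem -Path $HuntRoots -Recurse -Force -File -Include *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
                [pscustomobject]@{ Path = $_.FullName; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
            }
        }
}

function Disable-WindowsScriptHost {
    # Enabled=0 under the WSH Settings key stops wscript.exe/cscript.exe from running .vbs/.js files
    # machine-wide. Without -Enforce the function only reports the current value.
    param([switch]$Enforce)
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    if ($Enforce) {
        New-Item -Path $key -Force | Out-Null
        Set-ItemProperty -Path $key -Name Enabled -Value 0 -Type DWord
    }
    (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
}

# Run the hunt and print findings; pass -Enforce to Disable-WindowsScriptHost to apply the block.
Test-UacTampering             | Format-List
Find-RenamedMicrosoftBinaries | Format-Table -AutoSize
Find-RecentHiddenFolders      | Format-Table -AutoSize
Find-UnsignedMsi              | Format-Table -AutoSize
"WSH Enabled value (1 or absent = scripts allowed, 0 = blocked): $(Disable-WindowsScriptHost)"
```

Two caveats before using this in production. The OriginalFilename comparison produces occasional false positives for legitimately repackaged Microsoft binaries, so treat a hit as a lead to triage (check the parent process and where the file came from) rather than as a verdict. Disabling Windows Script Host is the blunt version of "restrict execution of script hosts" and will break any logon scripts or admin tooling that still depend on .vbs; an AppLocker or WDAC rule that blocks wscript.exe and cscript.exe for standard users is the finer-grained alternative.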
