Alert: WhatsApp Phishing Campaign Delivers Malware
ID: 2d20ccaa-3273-5fe7-b461-d9148f5aca27
STIX ID: report--2d20ccaa-3273-5fe7-b461-d9148f5aca27
Feed Name: KnowBe4 Blog
A Microsoft-reported phishing campaign uses WhatsApp messages to trick users into running malicious VBS files that create hidden folders, deploy renamed legitimate Windows utilities to evade detection, download payloads hosted on trusted cloud services (AWS, Tencent Cloud, Backblaze B2), and install MSI packages for persistence. To mitigate the threat, Microsoft recommends strengthening endpoint controls (restricting script hosts and monitoring renamed utilities), enhancing cloud traffic monitoring, detecting persistence/UAC tampering, blocking known C2 infrastructure, and training users.
