• Malware campaign spreads via WhatsApp messages, threatening user data
• WhatsApp strengthens app security to prevent breaches

Microsoft has issued an urgent security warning to WhatsApp users, which number around 3.3 billion worldwide, following the discovery of a malware campaign spreading through messages on the platform.

The campaign focuses on delivering malicious Visual Basic Script files, forming a multi-stage attack chain that endangers users’ data and devices.

Meta confirmed that some iPhone users were advised to uninstall the app, reinstall it, and log back in as a precaution after potential spyware activity was detected on their devices.

Microsoft’s security team noted that the malware disguises itself by using Windows tools with fake names to blend in with normal system activity. It retrieves payloads from trusted cloud services such as AWS, Tencent Cloud, and Backblaze B2, and installs malicious Microsoft Installer packages to maintain control over the system.

The report explained that the campaign begins by deceiving users with phishing messages containing the malicious files, potentially giving attackers persistent access to user data through Windows vulnerabilities.

Security experts warn that this method poses a clear and ongoing risk to all messaging app users, including WhatsApp.

WhatsApp has advised users to only open links or files from trusted contacts and highlighted that the app provides additional information when receiving a message from someone not in their contacts, such as the sender’s phone number and any shared groups.

The app has also recently enhanced its security measures to protect users against such attacks.