April 8, 2026, 6:45 am
Microsoft security experts are warning about a new scam targeting Windows PCs. Cybercriminals are using WhatsApp as a distribution channel. The desktop version on Windows 11 is particularly affected.
There, received files can be opened directly, which makes attacks easier. According to a blog post by the Microsoft Defender Security Team, attackers use this method to try to gain access to computers and take control of them.
Disguised as a Harmless Message on WhatsApp
The malware reaches devices via manipulated Visual Basic scripts. These are sent as file attachments in WhatsApp messages. Microsoft does not provide specific examples, but the approach is known. Attackers rely on trust in the messenger. When the file is opened, a multi-stage infection begins in the background. Initially, the script creates hidden folders in the path “C:\ProgramData”. It stores altered versions of legitimate Windows tools there, with inconspicuous names like “netapi.dll” or “sc.exe”.
Loading Additional Malware
In the next step, the malware downloads additional components from cloud services. Platforms like Amazon Web Services (AWS) or Tencent Cloud are used, making the data traffic appear normal and less noticeable. Subsequently, the malware interferes with important system settings. It disables User Account Control (UAC) and gains administrator rights via the command prompt cmd.exe. Additionally, it creates registry entries to remain active permanently.
Permanent Access Through Hidden Installers
At the end of the infection chain, the malware downloads additional programs. These have names like Setup.msi, WinRAR.msi, LinkPoint.msi, or AnyDesk.msi. Among them is remote maintenance software. This allows attackers to secure long-term access to the affected computer. They can read data, install additional malware, or integrate the device into a botnet.
How to Protect Yourself from an Attack
Microsoft advises blocking scripting hosts on end devices and closely monitoring cloud data traffic. Companies should train their employees specifically, as social engineering plays a central role in this campaign. Most importantly: Do not open files from unknown senders and critically evaluate messages, even if they come through familiar services like WhatsApp.
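For defenders who want to turn the stages described above into a check, the following Python example is an addition to this article, not code from Microsoft or the original post. It flags a host only when at least two distinct stages of the chain appear, because a file name such as Setup.msi is far too common to alert on alone. The event layout, host names, sample paths, the two-stage threshold and the use of wscript.exe and cscript.exe as the script hosts are assumptions.

```python
import ntpath
from collections import defaultdict

# File names reported in the article; the event layout below is an assumption.
TOOL_NAMES = {"netapi.dll", "sc.exe"}
INSTALLERS = {"setup.msi", "winrar.msi", "linkpoint.msi", "anydesk.msi"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries
STAGING_ROOT = "c:\\programdata\\"

def stage_of(kind, process, target):
    """Return the infection stage one event resembles, or None."""
    image = ntpath.basename(process).lower()
    target = target.lower()
    name = ntpath.basename(target)
    if kind == "process_start":
        if image in SCRIPT_HOSTS and target.endswith(".vbs"):
            return "script"
        if image == "msiexec.exe" and name in INSTALLERS:
            return "installer"
    elif kind == "file_create":
        # The genuine sc.exe lives in System32; the name under ProgramData is the signal.
        if target.startswith(STAGING_ROOT) and name in TOOL_NAMES:
            return "staging"
    return None

def suspicious_hosts(events, min_stages=2):
    """Map each host showing >= min_stages distinct stages to those stages."""
    seen = defaultdict(set)
    for host, kind, process, target in events:
        stage = stage_of(kind, process, target)
        if stage:
            seen[host].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

SYS32 = "C:\\Windows\\System32\\"
# Constructed sample events: (host, event type, process image, target file).
SAMPLE_EVENTS = [
    ("pc-01", "process_start", SYS32 + "wscript.exe", r"C:\Users\a\Downloads\doc.vbs"),
    ("pc-01", "file_create", SYS32 + "wscript.exe", r"C:\ProgramData\cache\sc.exe"),
    ("pc-01", "process_start", SYS32 + "msiexec.exe", r"C:\Users\a\AppData\AnyDesk.msi"),
    ("pc-02", "process_start", SYS32 + "msiexec.exe", r"C:\Users\b\Downloads\Setup.msi"),
    ("pc-03", "file_create", SYS32 + "svchost.exe", SYS32 + "sc.exe"),
]

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_EVENTS))
```

In the constructed sample only pc-01 is reported: pc-02 runs a commonly named installer with no other stage, and pc-03 writes sc.exe to its legitimate System32 location.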