WhatsApp Users Targeted by New Malware Campaign Using Fake Office Documents

Cybercriminals have launched a sophisticated malware campaign that uses fake Microsoft Office documents shared through WhatsApp to compromise Windows computers, highlighting a growing trend of attackers exploiting trusted communication platforms to spread malicious software.

June 29, 2026 | San Francisco, California
Cybersecurity researchers have uncovered a new malware campaign in which threat actors are distributing malicious files through WhatsApp messages disguised as legitimate Microsoft Office documents. The operation is designed to trick users into opening seemingly harmless files, ultimately granting attackers remote access to infected systems and enabling long-term control over victim devices.
According to security experts, the campaign relies heavily on social engineering tactics. Victims receive files that appear to be authentic business or office-related documents. However, the attachments contain malicious Visual Basic Script (VBS) code that initiates a multi-stage infection process once executed. The attack chain has reportedly been active since early 2026 and primarily targets Windows users.
After execution, the malware creates hidden directories on the victim’s computer and deploys renamed versions of legitimate Windows utilities to avoid detection. By leveraging trusted system tools and cloud-hosted infrastructure, attackers are able to blend malicious activity with normal network traffic, making the campaign more difficult for traditional security solutions to identify.
Researchers noted that the malware subsequently downloads additional payloads from cloud platforms and attempts to establish persistence on the infected device. It can also manipulate system settings and security controls, allowing the threat actors to maintain access even after system reboots. In some instances, remote management software is installed, giving attackers the ability to monitor activity, steal sensitive information, and deploy further malicious tools.

Security professionals have urged users to exercise caution when opening files received through messaging platforms, even if they appear to come from trusted contacts. Experts recommend verifying unexpected attachments, enabling file extension visibility in Windows, keeping operating systems updated, and using reputable security software to reduce the risk of compromise.
The latest findings underscore the evolving nature of cyber threats, where attackers increasingly exploit everyday communication channels to bypass user suspicion and infiltrate systems.
Follow us On Our Social media Handles :
Instagram
Youtube
Facebook
Twitter
Also Read- Pune