{"id":42121,"date":"2026-04-05T18:31:35","date_gmt":"2026-04-05T18:31:35","guid":{"rendered":"https:\/\/foreignnewstoday.com\/?p=42121"},"modified":"2026-04-05T18:31:35","modified_gmt":"2026-04-05T18:31:35","slug":"microsoft-and-ncsc-issue-alerts-over-hacker-campaigns-targeting-whatsapp-signal-messaging-apps","status":"publish","type":"post","link":"https:\/\/foreignnewstoday.com\/?p=42121","title":{"rendered":"Microsoft and NCSC issue alerts over hacker campaigns targeting WhatsApp, Signal messaging apps"},"content":{"rendered":"<div id=\"article-body\">\n<p id=\"elk-39babba5-bd0b-4a64-9387-c493f5e21731\">Microsoft has issued a warning about a sophisticated new malware campaign targeting WhatsApp users.<\/p>\n<p id=\"elk-971b1fea-2b41-4acd-8330-66cf084b667f\">Microsoft&#8217;s security experts spotted a WhatsApp campaign at the end of February that makes use of malicious Visual Basic Script (VBS) files, tricking victims via <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/phishing\/why-social-engineering-is-such-a-problem-and-how-your-business-can-protect-itself\" data-url=\"https:\/\/www.itpro.com\/security\/phishing\/why-social-engineering-is-such-a-problem-and-how-your-business-can-protect-itself\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/phishing\/why-social-engineering-is-such-a-problem-and-how-your-business-can-protect-itself\">social engineering<\/a> techniques to run the files.<\/p>\n<p id=\"elk-97bdb9ca-ab99-4769-91ae-38c93bbaf2e2-0\">&#8220;Once executed, these scripts initiate a multi-stage infection chain designed to establish persistence and enable remote access,&#8221; noted a <a data-analytics-id=\"inline-link\" 
href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/03\/31\/whatsapp-malware-campaign-delivers-vbs-payloads-msi-backdoors\/\" target=\"_blank\" data-url=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/03\/31\/whatsapp-malware-campaign-delivers-vbs-payloads-msi-backdoors\/\" referrerpolicy=\"no-referrer-when-downgrade\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\"><u>blog post<\/u><\/a> by the Microsoft Defender Security Research Team.<\/p>\n<p id=\"elk-e62fc8ac-7eba-4f5c-aad9-607e569c08b6\">The attack blends into normal system activity by renaming real utilities before downloading dodgy payloads from normally trustworthy cloud services, including AWS and Tencent, taking control of the system by installing malicious Microsoft Installer (MSI) packages.<\/p>\n<p id=\"elk-32d28be5-805b-4565-9210-b849e88467da\">&#8220;By combining trusted platforms with legitimate tools, the threat actor reduces visibility and increases the likelihood of successful execution, &#8221; the post added.<\/p>\n<p id=\"elk-b223e253-358e-49e0-98fd-ab5dbfe0be07\">If successful, attackers can escalate privileges and gain admin control, giving them the ability to stick around on compromised devices for a long time without being spotted.<\/p>\n<p id=\"elk-77611871-08e7-4264-ad2e-cfa095185c9c\">To mitigate potential risks, Microsoft advised blocking execution of script hosts in untrusted paths, and monitoring for Windows utilities being renamed or hidden ones being executed.<\/p>\n<p id=\"elk-b7cf5d47-8a86-442c-9180-c5a2538f73f5\">More widely, Microsoft advised boosting monitoring of cloud traffic and registry changes, and \u2014 as ever \u2014 educating users about social engineering.<\/p>\n<p><a id=\"elk-d6a5eb4c-2690-4805-984c-53b31cf51686\"\/><\/p>\n<h2 id=\"whatsapp-signal-in-the-crosshairs-3\">WhatsApp, Signal in the crosshairs<\/h2>\n<p id=\"elk-0fdc21aa-a280-4120-8c6f-144b0a63b1df\">The advisory from the tech giant comes after the UK\u2019s <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/what-is-the-national-cyber-security-centre-ncsc-and-what-does-it-do\" data-url=\"https:\/\/www.itpro.com\/security\/what-is-the-national-cyber-security-centre-ncsc-and-what-does-it-do\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/what-is-the-national-cyber-security-centre-ncsc-and-what-does-it-do\">National Cyber Security Centre (NCSC)<\/a> issued a similar warning to \u201chigh risk\u201d individuals amid a fresh wave of attacks by state-backed threat actors.<\/p>\n<p id=\"elk-ba2c5b2a-da10-4fb4-adfe-c5e294119c0f\">According to the NCSC, hackers are flocking to popular messaging apps such as WhatsApp and Signal to conduct social engineering campaigns.<\/p>\n<p id=\"elk-0e3ce8eb-7add-43de-9af5-53fb166d0649\">&#8220;The NCSC and international partners have seen growing malicious activity from Russia-based actors using messaging apps to target high-risk individuals,&#8221; the security group said in a<a data-analytics-id=\"inline-link\" href=\"https:\/\/www.ncsc.gov.uk\/news\/ncsc-warns-of-messaging-app-targeting\" 
target=\"_blank\" data-url=\"https:\/\/www.ncsc.gov.uk\/news\/ncsc-warns-of-messaging-app-targeting\" referrerpolicy=\"no-referrer-when-downgrade\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\"><u> blog post<\/u><\/a>.<\/p>\n<p id=\"elk-107f5863-d4ab-4dcc-b6ec-0441cc3d3d47\">The NCSC pointed to previous campaigns aimed at compromising government officials\u2019 accounts by the Chinese state-linked group APT31, as well as attempts by the Russian-linked threat group Star Blizzard.<\/p>\n<p id=\"elk-6b6e636f-baba-4bfa-ae88-66ceac2ccb4f\">Beyond government officials, the NCSC said that high-risk individuals could include those with a public profile, but also anyone with &#8220;access to, or influence over, sensitive information&#8221;.<\/p>\n<p id=\"elk-f72a6e6e-4080-4950-8654-f83254bb1a26\">These attacks could involve attempts to trick users into sharing login or account recovery codes, suddenly being part of unexpected group chats, attempts to impersonate someone you know, and the usual <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/29093\/what-is-phishing\" data-url=\"https:\/\/www.itpro.com\/security\/29093\/what-is-phishing\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/29093\/what-is-phishing\">phishing<\/a> attempts using dodgy links or QR codes.<\/p>\n<p id=\"elk-63988455-2e0e-43da-9288-c9a2a30e333b\">The NCSC said attackers could also add their device to a victim&#8217;s account without them noticing.<\/p>\n<p id=\"elk-e84633e4-e997-4135-96de-ff730925ce73\">Adam Boynton, Senior Enterprise Strategy Manager at Jamf, said the NCSC warning is a timely reminder that apps are only as secure as the device they are installed on \u2014 even if that app is well encrypted.<\/p>\n<p id=\"elk-1407a146-cc24-4352-9dea-f01d4a5fd354\">&#8220;Users often assume end-to-end encryption means end-to-end protection, but that\u2019s not the case,&#8221; 
Boynton said.<\/p>\n<p>&#8220;If a device is compromised, or if a user is socially engineered into linking an attacker\u2019s device to their account, encryption becomes irrelevant.&#8221;<\/p>\n<p><a id=\"elk-3314b5a1-2fc5-4ce3-a062-081ada7a58b7\"\/><\/p>\n<h2 id=\"staying-safe-3\">Staying safe<\/h2>\n<p id=\"elk-f7338ba0-6333-4568-acaf-16c70a19cd66\">Be wary when messaging, regardless of the platform, the NCSC advised. Never share verification codes, don&#8217;t click unexpected links or scan QR codes, and be aware that attackers may attempt to impersonate real contacts, so keep watch for unknown contacts or double entries.<\/p>\n<p id=\"elk-6aaf1ee9-44e8-4c5b-8212-a53b8e3ebbc1\">To boost security in these apps, users are urged to enable two-step verification, or Registration Lock in Signal, and make use of passkeys local to devices in WhatsApp and Signal.<\/p>\n<p id=\"elk-18634aec-9909-42ae-a759-df6e3d68e90b\">Turn on disappearing messages where possible to limit what&#8217;s lost if an attacker does get access.<\/p>\n<p id=\"elk-9cdef5f8-c187-4ec9-b68d-0152ec060185\">&#8220;However, you should have regard to any applicable record keeping requirements,&#8221; the NCSC noted.<\/p>\n<p id=\"elk-5421d540-a749-46ed-aa7e-f2d405c3a8ec\">The organization advised against sharing sensitive information via apps, recommending corporate-approved messaging services instead. As ever, ensure devices are well secured and updated to fix security flaws.<\/p>\n<p id=\"elk-74dda8a8-9234-43c1-8c12-ddb28d720672\">&#8220;For organizations with high-risk individuals, the lesson is clear: app-level security is not device-level security,&#8221; added Boynton.<\/p>\n<p id=\"elk-6a581a7e-ae83-4dca-b7fc-310fe3816657\">&#8220;Visibility into linked devices, enforced software updates, and ensuring sensitive communications happen on managed channels should already be baseline. 
The organisations best prepared for threats like these aren\u2019t reacting to advisories \u2014 they\u2019ve already built mobile security into their foundation.&#8221;<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.itpro.com\/security\/microsoft-and-ncsc-issue-alerts-over-hacker-campaigns-targeting-whatsapp-signal-messaging-apps\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has issued a warning about a sophisticated new malware campaign targeting WhatsApp users. 
Microsoft&#8217;s security experts spotted a WhatsApp campaign at the end of February&hellip;<\/p>\n","protected":false},"author":1,"featured_media":42122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[32],"tags":[],"class_list":["post-42121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/posts\/42121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42121"}],"version-history":[{"count":0,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/posts\/42121\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/media\/42122"}],"wp:attachment":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}