In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Foxit PDF “Flawed Design” Exploitation
May 14, 2024
In the realm of PDF viewers, Adobe Acrobat Reader reigns supreme as the industry’s dominant player. However, while Adobe Acrobat Reader holds the biggest market share, notable contenders are vying for attention, with Foxit PDF Reader being a prominent alternative. With more than 700 million users located in more than 200 countries and significant customers in ...
- QakBot attacks with Windows zero-day (CVE-2024-30051)
May 14, 2024
In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on ...
- Millions of Messages Distribute LockBit Black Ransomware
May 13, 2024
Beginning April 24, 2024 and continuing daily for about a week, Proofpoint observed high-volume campaigns with millions of messages facilitated by the Phorpiex botnet and delivering LockBit Black ransomware. This is the first time Proofpoint researchers have observed samples of LockBit Black ransomware (aka LockBit 3.0) being delivered via Phorpiex in such high volumes. The LockBit ...
- How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts
May 13, 2024
The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your ...
- Philippine National Police checking alleged data breach in its logistics system
May 13, 2024
The Philippine National Police (PNP) on Monday said it was looking into a possible breach in its logistics, data, information, and management system. “At about 10 a.m. today, it was reported that yun pong logistics, data, information, and management system experienced an alleged breach,” PNP spokesperson Police Colonel Jean Fajardo said in a presser. Read more… Source: GMA ...
- Dell data breach may affect up to 49m customers
May 13, 2024
Dell has confirmed a data breach that could, according to reports, have affected up to 49m customers. The breach revealed names and addresses of Dell customers, as well as information about equipment purchased, although the tech giant says that no payment or banking details were uncovered in the incident. Read more… Source: MSN News Sign up for our Newsletter Related:

