A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Source: Kaspersky

