A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cisco Duo says a third-party data breach stole MFA SMS logs

    April 16, 2024

    Cisco Duo has confirmed some sensitive customer data was stolen after a third-party cyber-incident. In a breach notification letter sent to affected customers, Cisco Duo said that its telephony provider, which it didn’t name, was compromised on April 1 2024. Unidentified threat actors mounted a phishing attack against the third party, through which they stole login ...

  • Giant Tiger breach sees 2.8 million records leaked

    April 16, 2024

    When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of that forum. In March, one of Giant Tiger‘s vendors, a company used to manage customer communications and engagement, suffered a cyberattack, which impacted Giant Tiger, as reported by CBC. The retailer first learned ...

  • South Africa’s trade regulator ITAC hit by cyber attack

    April 16, 2024

    According to the organisation, the attack happened in January, leading to the exposure of the personal information of stakeholders. ITAC is an institution dedicated to promoting fair trade in South Africa in order to enhance economic growth and development. The site includes trade and tariff services as well as import and export control services. In a ...

  • MGM files suit against FTC to block cyber attack investigation

    April 16, 2024

    MGM filed the suit yesterday (15 April) in Washington’s federal court against both the FTC and Lina M Khan as FTC chair. The suit refers to the large-scale cyber attack launched against MGM in September last year. MGM was forced to shut down certain systems across its US properties due to the attack. Access to MGM ...

  • Best Practices for Deploying Secure and Resilient AI Systems

    April 15, 2024

    Deploying artificial intelligence (AI) systems securely requires careful setup and configuration that depends on the complexity of the AI system, the resources required (e.g., funding, technical expertise), and the infrastructure used (i.e., on premises, cloud, or hybrid). This report expands upon the ‘secure deployment’ and ‘secure operation and maintenance’ sections of the Guidelines for secure AI ...

  • SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world

    April 15, 2024

    Researchers from the Positive Technologies Expert Security Center discovered more than three hundred attacks worldwide, which they confidently attributed to the well-known TA558 group. As originally described by researchers at ProofPoint, TA558 is a relatively small financially motivated cybercrime group that has attacked hospitality and tourism organizations mainly in Latin America, but has also been identified ...