A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Change Healthcare faces another ransomware threat – and it looks credible

    April 12, 2024

    For months, Change Healthcare has faced an immensely messy ransomware debacle that has left hundreds of pharmacies and medical practices across the United States unable to process claims. Now, thanks to an apparent dispute within the ransomware criminal ecosystem, it may have just become far messier still. In March, the ransomware group AlphV, which had claimed ...

  • “Highly capable” hackers root corporate networks by exploiting Palo Alto Networks firewall 0-day

    April 12, 2024

    Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges, the highest possible level ...

  • Dutch chipmaker Nexperia hacked by cyber criminals

    April 12, 2024

    Dutch-headquartered chipmaker Nexperia was victim of a hacking attack by cyber criminals last month, the Chinese-owned company said on Friday, and was investigating the incident with the help of outside specialists. The company did not say if it had suffered any damage or losses as a result of the hack, but RTL said the cyber criminals ...

  • Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed

    April 11, 2024

    Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly have confirmed that the ...

  • Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities

    April 11, 2024

    The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by researchers that have found it to be used in the wild. Let’s ...

  • Apple alerts users in 92 nations to mercenary spyware attacks

    April 11, 2024

    Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that may have been targeted by mercenary spyware attacks. The company sent the alerts to individuals in 92 nations at 12pm Pacific Time Wednesday. It did not disclose the attackers’ identities or the countries where users received notifications. “Apple detected that you ...