A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • NHS board warns patients of further data leak after cyber attack

    April 9, 2024

    An NHS board has warned patients that further personal information could be leaked by cyber criminals who stole medical data in a major cyber attack. A large amount of confidential data was taken from NHS Dumfries and Galloway during a sustained hacking attack. Last week, INC Ransom, an extortion operation, posted a message on its dark ...

  • Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

    April 8, 2024

    Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light two weeks ago. The researcher said ...

  • ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

    April 8, 2024

    Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to manipulate malware, making it more challenging for antivirus products to detect. FortiGuard Labs recently discovered a ...

  • Vet firm CVS hit by cyber-attack

    April 8, 2024

    Vet group CVS says it has been hit by a cyber-attack which has caused “considerable” disruption, particularly to its UK business. CVS, which runs about 500 veterinary practices globally and employs more than 9,000 people, said it had taken immediate action and its IT services had now been “securely restored” across most of the group. Read more… Source: ...

  • Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers

    April 8, 2024

    Threat actors no longer operate in silos. Today, they use multiple channels such as SMS, email, fake web pages, and compromised cloud accounts. They use these various channels to establish persistence and compromise identities so that they can elevate privileges and move laterally. Proofpoint Threat Research recently observed campaigns in which threat actors used multichannel attacks ...

  • UK: Warning to ‘stay on guard’ after Leicester council cyber-attack

    April 5, 2024

    People have been told to “stay on their guard” after a cyber-attack on Leicester City Council. Police were alerted after the authority was forced to disable its phone and computer systems on 7 March. While about 25 documents have been posted by the apparent attackers, they claim to have a much larger number. Read more… Source:,BBC News