A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Improving Detection and Response: Making the Case for Deceptions

    April 5, 2024

    Let’s face it, most enterprises find it incredibly difficult to detect and remove attackers once they’ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often. And attackers have ample time to accomplish their goals. In ...

  • Byakugan – The Malware Behind a Phishing Attack

    April 4, 2024

    In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. The PDF image shows a blurred table and asks the victim to click the malicious link on the PDF file to see the content. Once the link is clicked, a downloader is downloaded. The downloader drops ...

  • The Illusion Of Privacy: Geolocation Risks In Modern Dating Apps

    April 4, 2024

    Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This feature is quite useful for coordinating meetups, indicating whether a potential match is just a short distance away or a kilometer ...

  • LazyStealer: Sophisticated does not mean better

    April 4, 2024

    In the first quarter of 2024, researchers from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. The research team could not find any links to known groups that used the same techniques. The main goal of the attack was stealing ...

  • Why the threat of a ‘nightmare’ Chinese supercomputer just got a step closer

    April 4, 2024

    A cyber security official at the US State Department had noticed something unusual. An internal IT security system, nicknamed “Big Yellow Taxi”, had flagged unusual activity on its corporate Microsoft account. The tech team quickly raised its concerns to Microsoft, hopeful that the alert was just a false positive. What rapidly emerged, however, was that a ...

  • UK: Parliamentary staff warned of dangers after suspected sexting honeytrap attacks

    April 4, 2024

    Sir Lindsay Hoyle, the Commons Speaker, has held talks with parliamentary staff following suspected sexting honeytrap attacks targeting MPs, staffers and political journalists. At least 12 men working in and around Parliament, including a serving minister and other MPs, have been targeted on WhatsApp in a suspected spear phishing attack. Attackers contacted their victims under the ...