A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cloud Werewolf spearphishes Russian and Belarus government employees with fake spa vouchers and federal decrees

    March 29, 2024

    The BI.ZONE Threat Intelligence team has revealed another campaign by Cloud Werewolf aiming at Russian and Belarusian government organizations. According to the researchers, the group ran at least five attacks in February and March. The adversaries continue to rely on phishing emails with Microsoft Office attachments. Placing malicious content on a remote server and limiting the ...

  • Phishing Attack Targets Apple Users With Password Resets

    March 27, 2024

    If you suddenly receive dozens of password-reset notifications on your iPhone, watch out: You’re probably facing a devious phishing attack targeting Apple users. The malicious tactic is intended to to trick iPhone users into handing over access to their Apple accounts, according to security journalist Brian Krebs. One of the targeted users, tech entrepreneur Parth Patel, documented ...

  • Cambodia: Police target growing gambling, cybercrime

    March 27, 2024

    Deputy Prime Minister and Minister of Interior Sar Sokha has called on the National Police forces to intensify efforts in preventing and suppressing local crimes, including human trafficking, cybercrime and gambling. The appeal comes after authorities clamped down on over 500 illegal gambling sites and detained more than 1,000 people in the past six months. Sokha ...

  • New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed

    March 26, 2024

    The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit that is targeting Microsoft 365 and Gmail account holders. Researchers from the Sekoia Threat Detection and Research team have published an in-depth analysis of Tycoon 2FA, a notorious adversary-in-the-middle kit, that is being distributed via cybercrime forums ...

  • Illinois Tollway warns I-PASS customers of text message phishing scam

    March 26, 2024

    The Illinois Tollway is warning customers of an ongoing phishing scam that is targeting drivers by saying that they have outstanding tolls owed to the agency. According to a press release, the Tollway says that some customers have been receiving text messages from the “Illinois toll way,” detailing outstanding toll amounts that the customers owed. Those ...

  • Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

    March 26, 2024

    Since its discovery in 2022, the Agenda Ransomware group (also known as Qilin) has been active and in development. Agenda, which Trend Micro tracks as Water Galura, continues infecting victims globally with the US, Argentina, and Australia, and Thailand being among its top targets (based on the threat actor’s leak site data). Meanwhile the Agenda ransomware ...