A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Veolia North America hit by ransomware attack

    January 24, 2024

    A department in Veolia North America, a transnational company offering water, energy and waste recycling management services, suffered a ransomware attack which resulted in the theft of some personal data, and forced the company to take parts of its infrastructure offline. In a press release published on the Veolia website, the company confirmed its Municipal Water ...

  • Seoul’s spy agency accuses China of major cyber attacks

    January 24, 2024

    South Korean spy agency on Wednesday reported a significant uptick in attempts of cyber attacks by foreign sources last year, waged mainly by North Korea and China. Chinese attacks tended to inflict more severe damage than North Korean ones, despite the latter being more frequent. The National Intelligence Service said cyber attacks against the public sector ...

  • CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

    January 24, 2024

    On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user via the administration portal. Fortra lists the root cause of CVE-2024-0204 as CWE-425: ...

  • UK: Cybercriminals claim to have stolen data from Southern Water

    January 24, 2024

    Cybercriminals claim they have stolen data from a water company’s IT systems. Southern Water, which has hundreds of thousands of customers in Kent, says it has detected suspicious activity and launched an investigation led by cybersecurity experts. But it says there is no evidence to suggest “customer relationships or financial systems” have been affected. In a ...

  • AerCap confirms cybersecurity attack

    January 23, 2024

    Irish aircraft leasing giant AerCap is investigating a cybersecurity attack on its systems, but says that it suffered no financial loss as result of the hack. Claims surfaced online at the weekend that an organisation had hacked the Dublin-headquartered multinational’s systems and planned to leak data within days. AerCap confirmed that on January 17th it experienced ...

  • “The mother of all breaches”: 26 billion records found online

    January 23, 2024

    Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches”. However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal ...