A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Rhode Island: Data breach at Wyatt steals info of detainees, staff and vendors

    December 22, 2023

    At least 1,454 detainees of the Donald W. Wyatt Detention Facility, 438 current and former staff members and 92 vendors have been affected by a virus in the facility’s computer system, Wyatt announced Friday. The FBI is now investigating the matter, which Wyatt discovered on November 2. “At this time, we believe that various types of ...

  • Cyberattack forces First American to take some IT systems offline

    December 22, 2023

    First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website. At press time, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – was set up. There is a short notification ...

  • Indian IT services giant HCL Technologies hit by ransomware

    December 22, 2023

    Indian IT giant HCL Technologies apparently suffered a significant ransomware attack. Multiple media sources are claiming that the company filed a new report with the National Stock Exchange of India, in which it describes falling prey to a limited ransomware attack, stating that it “has become aware of a ransomware incident in an isolated cloud environment ...

  • How Outlook notification sounds can lead to zero-click exploits

    December 21, 2023

    An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher felt it was no problem to disclose their findings. The first ...

  • Bandook – A Persistent Threat That Keeps Evolving

    December 21, 2023

    Bandook malware is a remote access trojan that has been continuously developed since it was first detected in 2007. It has been used in various campaigns by different threat actors over the years. FortiGuard Labs identified a new Bandook variant being distributed via a PDF file this past October. This PDF file contains a shortened URL ...

  • Sneaky GPU.zip technique steals sensitive information from your graphics card

    December 21, 2023

    Researchers from four top American universities have uncovered a new way for threat actors to sneakily access visual information from your graphics card while you’re online and browsing certain websites. The researchers call this threat “GPU.zip,” because it takes advantage of the hidden data compression methods used by modern graphics processing units (GPUs) to leak visual ...