A VBScript campaign distributed through WhatsApp deploying RMM software


In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.

Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • ALPHV ransomware gang returns, sorta

    December 14, 2023

    The ALPHV ransomware gang, arguably the second most dangerous “big game” ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for group. ALPHV’s dark web leak site may be back but it is only showing a single victim with no ...

  • Rhadamanthys v0.5.0 – A Deep Dive Into The Stealer’s Components

    December 14, 2023

    Rhadamanthys is an information stealer with a diverse set of modules and an interesting multilayered design. In their last article on Rhadamanthys, Check Point researchers focused on the custom executable formats used by this malware and their similarity to a different family, Hidden Bee, which is most likely its predecessor. In this article they do a ...

  • Exploring Encrypted Attacks Amidst the AI Revolution

    December 14, 2023

    Zscaler ThreatLabz researchers analyzed 29.8 billion blocked threats embedded in encrypted traffic from October 2022 to September 2023 in the Zscaler cloud, presenting their findings in the Zscaler ThreatLabz 2023 State of Encrypted Attacks Report. According to the Google Transparency Report, encrypted traffic saw a significant rise in the last decade, reaching 95% of global traffic ...

  • Microsoft patches 34 vulnerabilities, including one zero-day

    December 13, 2023

    December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD to software developers. Read more… Source: Malwarebytes labs  

  • Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

    December 13, 2023

    The US Federal Bureau of Investigation (FBI) and partners assess Russian Foreign Intelligence Service (SVR) cyber actors – also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard – are exploiting CVE-2023-42793 a at a large scale, targeting servers hosting JetBrains TeamCity software since September 2023. Software developers use TeamCity software ...

  • The sound of you typing on your keyboard could reveal your password

    December 12, 2023

    As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to ...