In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Infrastructure Companies Say Suppliers Pose a Growing Cyber Threat
January 27, 2023
Companies in critical infrastructure sectors say weak cyber defenses at suppliers are becoming a significant threat to their business, and that rules to boost security down the supply chain might be needed. While federal and industry rules for specific areas such as aviation, pipeline companies and other critical infrastructure operators are well-established, said Curley Henry, vice ...
- ISC Releases Security Advisories for Multiple Versions of BIND 9
January 27, 2023
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms
January 27, 2023
Prisma Cloud and Unit 42 recently released a report examining the use of powerful credentials in popular Kubernetes platforms, which found most platforms install privileged infrastructure components that could be abused for privilege escalation. Unit 42 happy to share that, as of today, all platforms mentioned in their report have addressed built-in node-to-admin privilege escalation. ...
- Ukraine: Sandworm hackers hit news agency with 5 data wipers
January 27, 2023
The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country’s national news agency (Ukrinform) on January 17th. “As of January 27, 2023, 5 samples of malicious programs (scripts) were detected, the functionality of which is aimed at violating the integrity and availability of ...
- Iranian and Russian hackers targeting politicians and journalists, warn UK officials
January 26, 2023
Iranian and Russian hackers are targeting British politicians and journalists with espionage attacks, officials have warned. The National Cyber Security Centre has issued a fresh alert about increasing attempts to steal information from specific groups and individuals. Read more… Source: BBC News
- Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched
January 26, 2023
Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center (NCSC) and patched by Microsoft last year, according to Akamai’s researchers. CryptoAPI helps developers secure Windows-based apps using cryptography; the API can be used, for instance, to validate certificates ...