In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Phishing works so well crims won’t bother with deepfakes, says Sophos chap
October 17, 2022
Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. “The thing with deepfakes is that we aren’t seeing a lot of it,” Sophos researcher John Shier told El Reg last week. Shier said current deepfakes – AI generated videos that mimic humans – aren’t the ...
- MyDeal data breach impacts 2.2M users, stolen data for sale online
October 17, 2022
Woolworths’ MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum. MyDeal is an Australian retail marketplace that connects online shoppers with local retailers. Retail giant Woolworths purchased 80% of the company in September but said their systems are on a completely different ...
- Venus Ransomware targets publicly exposed Remote Desktop services
October 16, 2022
Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices. Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide. However, there was another ransomware using the same encrypted file extension since 2021, but it is unclear if ...
- New PHP information-stealing malware targets Facebook accounts
October 16, 2022
A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core ...
- FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher
October 14, 2022
Microsoft Office 365 Message Encryption claims to offer a way “to send and receive encrypted email messages between people inside and outside your organization.” And according to WithSecure, it’s not fit for purpose: the encryption method employed, known as Electronic Codebook (ECB), is insecure for data with repeating patterns, such as plaintext or uncompressed images or ...
- New “Prestige” ransomware impacts organizations in Ukraine and Poland
October 14, 2022
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. MSTIC researchers observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware”, being deployed on October 11 in ...