In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- AstraLocker ransomware shuts down and releases decryptors
July 4, 2022
The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files ...
- British Army Twitter and YouTube feeds hijacked by crypto-promos
July 4, 2022
The British Army has apologizsed after its Twitter and YouTube accounts were compromised by entities that used them to promote NFTs. As recorded by The Wayback Machine, the @BritishArmy Twitter feed hosted content promoting non-fungible tokens described thusly: “The Anomalies is a collection of special Possessed 1/1s”. According to Web3-watcher Web3 is going just great – the ...
- What to do about inherent security flaws in critical infrastructure?
July 3, 2022
The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure. But many of them are unfixable, due to insecure protocols and architectural designs. And this highlights a larger security problem with devices that ...
- Crypto sleuths pin $100 million Harmony theft on Lazarus Group
July 1, 2022
Investigators at a blockchain analysis outfit have linked the theft of $100 million in crypto assets last week to the notorious North Korean-based cybercrime group Lazarus. The company said it had tracked the movement of some of the stolen cryptocurrency to a so-called mixer used to launder such ill-gotten funds. Blockchain startup Harmony announced June 23 ...
- Microsoft finds Raspberry Robin worm in hundreds of Windows networks
July 1, 2022
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices, and it was first spotted in September 2021 by Red Canary intelligence analysts. Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command ...
- #StopRansomware: MedusaLocker
June 30, 2022
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) are releasing this CSA to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. ...