In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
May 4, 2022
In 2021, the Cybereason Nocturnus Incident Response Team investigated multiple intrusions targeting technology and manufacturing companies located in Asia, Europe and North America. Based on the findings of our investigation, it appears that the goal behind these intrusions was to steal sensitive intellectual property for cyber espionage purposes. Cybereason assesses with moderate-high confidence that the threat ...
- CISA Adds Five Known Exploited Vulnerabilities to Catalog
May 4, 2022
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the ...
- Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw
May 3, 2022
Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes it possible for hackers with access to the connection between an affected device and the Internet ...
- New ransomware strains linked to North Korean govt hackers
May 3, 2022
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide. They’re also known for deploying destructive malware on their victims’ networks during the last stage of their attacks, likely to destroy any traces of their activity. Christiaan Beek, a lead threat ...
- Update on cyber activity in Eastern Europe
May 3, 2022
Google’s Threat Analysis Group (TAG) has been closely monitoring the cybersecurity activity in Eastern Europe with regard to the war in Ukraine. Since our last update, TAG has observed a continuously growing number of threat actors using the war as a lure in phishing and malware campaigns. Similar to other reports, we have also observed ...
- Chinese cyber-espionage group Moshen Dragon targets Asian telcos
May 2, 2022
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia. While this new threat group has some overlaps with “RedFoxtrot” and “Nomad Panda,” including the use of ShadowPad and PlugX malware variants, there are enough differences in their activity to follow them separately. According to a ...