In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Powerful cyber attack on Russia’s Civil Aviation Authority servers: no more data nor back-up
March 29, 2022
A powerful and effective cyberattack on the Russian Federal Air Transport Agency (Rosaviatsia) infrastructure that took place on Saturday morning has erased all documents, files, aircraft registration data and mails from the servers. In total, about 65 terabytes of data was erased. The news became known on Monday morning, the agency’s official website (favt.ru) went ...
- Transparent Tribe APT returns to strike India’s government and military
March 29, 2022
The Transparent Tribe hacking group is back with a new malware arsenal and victim list including India’s government and military. Active since at least 2013, the advanced persistent threat (APT) group operates in at least 30 countries. However, the APT tends to focus on India and Afghanistan – with the exception being attacks recorded against human ...
- IcedID malware, in the hijacked email thread, with the insecure Exchange servers
March 29, 2022
Cyber-criminals are using compromised Microsoft Exchange servers to spam out emails designed to infect people’s PCs with IcedID. IcedID is bad news because if you’re tricked into running it, it opens a backdoor allowing further malware, such as ransomware, to be injected into your system. Marks typically receive an encrypted .zip as an attachment, with the ...
- Cyber Actors Target US Election Officials with InvoiceThemed Phishing Campaign to Harvest Credentials
March 29, 2022
The FBI is warning US election and other state and local government officials about invoicethemed phishing emails that could be used to harvest officials’ login credentials. If successful, this activity may provide cyber actors with sustained, undetected access to a victim’s systems. As of October 2021, US election officials in at least nine states received invoice-themed ...
- Sophos patches critical remote code execution vulnerability in Firewall
March 28, 2022
Sophos has patched a remote code execution (RCE) vulnerability in the Firewall product line. Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. Firewall includes TLS and encrypted network traffic inspection, deep packet inspection, sandboxing, intrusion prevention systems (IPSs), and visibility features for detecting suspicious and malicious network activity. Read more… Source: ...
- Kaspersky, China Telecom, China Mobile named ‘threats to US national security’
March 28, 2022
The United Stations Federal Communications Commission (FCC) has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. The three companies join Huawei, ZTE, Chinese radio-comms vendor Hytera, and Chinese video surveillance systems vendors Hangzhou Hikvision Digital Technology Company and Dahua Technology Company. Kaspersky is the first non-Chinese company to be added to the FCC’s ...