In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Data breach: Broward Health warns 1.3 million patients, staff of ‘medical identity theft’
January 3, 2022
This weekend, the Broward Health hospital system notified more than 1.3 million patients and staff members that their personal information was involved in a data breach that started on October 15. In a statement on Saturday, the Florida hospital system said that in addition to names, addresses and phone numbers, Social Security numbers, bank account information ...
- Israel’s Jerusalem Post website hacked on Soleimani assassination anniversary
January 3, 2022
Israel’s Jerusalem Post newspaper said on Monday its website had been hacked, in what it said was an apparent threat to the country. Instead of displaying a main news page, the website showed an illustration that appeared to recall top Iranian general Qassem Soleimani, who was assassinated in a U.S. drone strike in Iraq on this ...
- Cyber attack on UK’s Defence Academy had ‘significant’ impact, officer in charge at the time reveals
January 2, 2022
A cyber attack – possibly by China or Russia – hit the academic arm of the UK’s Ministry of Defence and had a “significant” impact, the officer in charge at the time has revealed. Air Marshal Edward Stringer, who retired from the armed forces in August, said the “sophisticated” hack – discovered last March – prompted ...
- Firmware attack can drop persistent malware in hidden SSD area
December 30, 2021
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that’s beyond the reach of the user and security solutions. The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by ...
- What the Rise in Cyber-Recon Means for Your Security Strategy
December 30, 2021
As we move into 2022, bad actors are ramping up their reconnaissance efforts to ensure more successful and more impactful cyberattacks. And that means more zero-day exploits are on the horizon. When seen through an attack chain such as the MITRE ATT&CK framework, campaigns are frequently discussed in terms of left-hand and right-hand phases of threats. ...
- Aquatic Panda Used Log4Shell Exploit Tools During Hands-on Intrusion Attempt – CrowdStrike
December 29, 2021
Since the vulnerability was announced, CrowdStrike’s OverWatch threat hunters have been continuously ingesting the latest insights about the Log4j vulnerability as well as publicly disclosed exploit methods to influence their continuous hunting operations. On Dec. 14, 2021, VMware issued guidance around elements of VMware’s Horizon service found to be vulnerable to Log4j exploits. This led ...