In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Arrest in Romania of a ransomware affiliate scavenging for sensitive data
December 13, 2021
Europol’s European Cybercrime Centre (EC3) has supported the Romanian National Police (Poliția Română) and the US Federal Bureau of Investigation (FBI) in arresting a ransomware affiliate targeting high-profile organisations and companies for their sensitive data. The suspect – a 41-year-old Romanian national – was arrested today at his home in Craiova, Romania, in the early hours ...
- Volvo Cars discloses security breach leading to R&D data theft
December 10, 2021
Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers. “Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party,” the company disclosed today. “Investigations so far confirm that a limited amount of the company’s R&D property ...
- Irish Health Service ransomware attack happened after one staffer opened malware-ridden email
December 10, 2021
Ireland’s Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy’s damning report has revealed. Issued today, the report from PWC (formerly known as PriceWaterhouseCoopers) said that the hugely harmful Conti ransomware infection was caused because of the simplest attack vector known ...
- CERT NZ Alert: Log4j RCE 0-day actively exploited
December 10, 2021
The ubiquitous java logging library, log4j, has an unauthenticated RCE vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server. Reports from online users show that this is being actively exploited in the wild and that proof-of-concept code has been published. This includes many applications and services written in ...
- The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
December 9, 2021
In this blog entry, Trend Micro researchers share the findings of an investigation on the internet of things (IoT) Linux malware and analyzed how these malware families have been evolving. Trend Micro relied on the tactics, techniques, and procedures (TTPs) of MITRE ATT&CK to define the malware capabilities and characteristics that we saw. Trend Micro study ...
- Hundreds of thousands of MikroTik devices still vulnerable to botnets
December 9, 2021
Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. MikroTik is a Latvian manufacturer of routers and wireless ISPs who has sold over 2,000,000 devices globally. In August, the Mēris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS ...