In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Epik Confirms Hack, Gigabytes of Data on Offer
September 21, 2021
Epik, the domain registrar known for hosting several large right-wing organizations, has confirmed a hack of its systems, a week after attackers branding themselves with the Anonymous hacktivist collective label said that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses. “On September 15, we confirmed that ...
- Malicious PowerPoint Documents on the Rise
September 21, 2021
McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint. In this campaign, the spam email comes with a PowerPoint file as an attachment. Upon opening the malicious attachment, the VBA macro executes to deliver variants of AgentTesla which is a well-known password stealer. These spam emails purport to be ...
- CISA: Sharing Information To Get Ahead Of Supply Chain Risks
September 21, 2021
The increase in digitization and use of information and communications technology (ICT) has improved ability of many companies to provide National Critical Functions. ICT enables access to real-time information, remote entry to networks, instant communication, and so much more. At the same time, nation-states seeking to cause harm to the United States (i.e., espionage or ...
- Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
September 20, 2021
A fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems uses a newer obfuscation mechanism compared to what has been observed in past reports. It reached the peak of activity in the middle of August 2021. HCrypt is a crypter and multistage generator that is considered difficult ...
- VoIP.ms phone services disrupted by DDoS extortion attack
September 20, 2021
Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that’s severely disrupting the company’s operation. VoIP.ms is an Internet phone service company that provides affordable voice-over-IP service to businesses around the world. Read more… Source: Bleeping Computer
- Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
September 17, 2021
Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively leveraging the bug in campaigns ahead of a patch released by Microsoft this week. Collaborative research by Microsoft and RiskIQ revealed campaigns by Ryuk threat actors early on that exploited the flaw, tracked as CVE-2021-40444. The bug is a remote code execution ...