In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors
September 3, 2021
The United Nations Regulation No. 155 sets provisions for cybersecurity and cyber security management systems in vehicles. A notable section of the document is Annex 5, which lists 69 attack vectors affecting vehicle cybersecurity. In order to help organizations comply with this regulation, we conducted a threat modelling exercise on the defined attack vectors as ...
- Threat Brief: CVE-2021-26084
September 3, 2021
On Aug. 25, 2021, Atlassian released a security advisory for an injection vulnerability in Confluence Server and Data Center, CVE-2021-26084. If the vulnerability is exploited, threat actors could bypass authentication and run arbitrary code on unpatched systems. Since the release of this advisory, mass scanning activity has started to occur, seeking unpatched systems, and in-the-wild ...
- Conti ransomware now hacking Exchange servers with ProxyShell exploits
September 3, 2021
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) that allow unauthenticated, remote code execution on unpatched vulnerable servers. Read more… Source: Bleeping Computer
- Babuk ransomware’s full source code leaked on hacker forum
September 3, 2021
A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum. Babuk Locker, also known internally as Babyk, is a ransomware operation launched at the beginning of 2021 when it began targeting businesses to steal and encrypt their data in double-extortion attacks. Read more… Source: Bleeping Computer
- FIN7 Capitalizes on Windows 11 Release in Latest Gambit
September 3, 2021
The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That’s according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all referencing “Windows 11 Alpha” – the “Insider Preview” version of the upcoming Windows 11 operating system ...
- Confessions of a ransomware negotiator: Well, somebody’s got to talk to the criminals holding data hostage
September 3, 2021
Many people outside of IT believe computers will do away with jobs, but the current ransomware plague shows that new and more curious kinds of jobs are created at least as fast. So what sort of background sets you up to talk to people holding your data for ransom? To find out, The Reg talked to ...