In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Novel ‘Victory’ Backdoor Spotted in Chinese APT Campaign
June 7, 2021
An ongoing surveillance operation has been uncovered that targets a Southeast Asian government, researchers said – using a previously unknown espionage malware. According to Check Point Research, the attack involves spear-phishing emails with malicious Word documents to gain initial access, along with the exploitation of older, known Microsoft Office security vulnerabilities. But most notable, researchers said, ...
- Securing Computerized Vehicles from Potential Cybersecurity Threats
June 6, 2021
Like technology itself, cybersecurity is ever-evolving and encompassing more areas of our lives, including transportation. Popular science fiction movies have led us to expect flying taxis and private space travel as the future of transportation. If that is going to become an eventual reality, the first steps towards that future are “smart cars” and automated ...
- REvil Ransomware Gang Spill Details on US Attacks
June 4, 2021
Cybercriminals behind the JBS Foods ransomware attack claim they had no intent to target United States-based firms. The group, identified as the Sodinokibi REvil ransomware gang, also said it was not afraid of being labeled a cyber-terrorist group. A spokesperson for REvil shared its positions in an interview on a YouTube and Telegram channel called Russian ...
- TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations
June 4, 2021
TeamTNT has been evolving their cloud-focused cryptojacking operations for some time now. TeamTNT operations have targeted and, after compromise, exfiltrated AWS credentials, targeted Kubernetes clusters and created new malware called Black-T that integrates open source cloud native tools to assist in their cryptojacking operations. TeamTNT operations are now using compromised AWS credentials to enumerate AWS cloud ...
- New SkinnyBoy malware used by Russian hackers to breach sensitive orgs
June 3, 2021
Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. The threat actor, also known as Fancy Bear, Sednit, Sofacy, Strontium, or PwnStorm, used SkinnyBoy in attacks targeting military and government institutions earlier this year. SkinnyBoy is intended for an intermediary stage of the ...
- Necro Python bot revamped with new VMWare, server exploits
June 3, 2021
A recent Necro Python bot campaign has shown that the developer behind the malware is hard at work ramping up its capabilities. On Thursday, researchers from Cisco Talos published a report on Necro Python, a bot that has been in development since 2015. The botnet’s development progress was documented in January 2021 by both Check Point ...