In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Email spoofing: how attackers impersonate legitimate senders
June 3, 2021
In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address. SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it ...
- FBI attributes JBS ransomware attack to REvil
June 3, 2021
The United States FBI issued a short statement on Wednesday pinning the recent JBS ransomware incident on REvil. “As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI’s highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to ...
- CVE-2021-31181: Microsoft Sharepoint Webpart Interpretation Conflict Remote Code Execution Vulnerability
June 2, 2021
In May of 2021, Microsoft released a patch to correct CVE-2021-31181 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-573. This blog takes a deeper look at the root cause of this ...
- Banking Attacks Surge Along with Post-COVID Economy
June 2, 2021
For many, COVID-19 has been a crushing catastrophe. But for bank scammers, it’s shaped up to be a nice little money-making opportunity. As the post-pandemic economy roars back to life, cybercriminals are using a new whirlwind of transactions as cover to launch an extraordinary number of bank fraud attacks. In just the past quarter, the number ...
- Russian underground forums launch competitions for cryptocurrency, NFT hacks
June 2, 2021
Cybercriminals in underground forums have been soliciting techniques for compromising cryptocurrency services. Capture the Flag competitions, conference calls for papers, and gamification in cybersecurity courses designed to equip learners with hands-on skills are all common in the white hat realm, but in opposition, contests are also being launched by cybercriminals to create new offensive techniques. Read more… Source: ...
- This is how attackers bypass Microsoft’s AMSI anti-malware scanning protection
June 2, 2021
In an investigation into techniques used to either avoid or disable AMSI, Sophos researchers said on Wednesday that threat actors will try everything from living-off-the-land tactics to fileless attacks. Perhaps the opportunities AMSI bypass represents were highlighted in a tweet by security expert Matt Graeber in 2016, in which Sophos says a single line of code ...