In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian dark web marketplace Hydra cryptocurrency transactions reached $1.37bn in 2020
May 25, 2021
An investigation into the Hydra marketplace has revealed surging transaction volumes and a thriving — albeit illicit — cryptocurrency ecosystem. On Tuesday, Flashpoint and Chainalysis jointly released a report into Hydra, a marketplace in the dark web. At its inception in 2015, Hydra was well-known for the sale of narcotics, but as time has gone on, the ...
- VMware warns of critical bug affecting all vCenter Server installs
May 25, 2021
VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs to be considered at once,” said Bob Plankers, Technical Marketing Architect at VMware. Read more… Source: Bleeping Computer
- Iranian hacking group targets Israel with wiper disguised as ransomware
May 25, 2021
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims’ networks for months in what looks like an extensive espionage campaign. The threat actor, tracked as Agrius by SentinelLabs researchers, has targeted Israel starting with December 2020. “Initially engaged in espionage activity, Agrius deployed a set ...
- TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack
May 25, 2021
Kubernetes is the most widely adopted container orchestration platform for automating the deployment, scaling, and management of containerized applications. Unfortunately, like any widely used application, it makes for an attractive target for threat actors as they are often misconfigured, especially those running primarily in cloud environments with access to nearly infinite resources. This article will ...
- Russian to be deported after foiled Tesla ransomware plot
May 24, 2021
A Russian man was sentenced Monday to what amounted to time already served in U.S. government custody and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing ...
- North Korean hackers behind CryptoCore multi-million dollar heists
May 24, 2021
Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. The group is believed to have stolen hundreds of millions of U.S. dollars by breaching cryptocurrency exchanges in the U.S., Israel, Europe, and Japan over ...