In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US and Australia warn of escalating Avaddon ransomware attacks
May 10, 2021
The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide. The FBI said in a TLP:GREEN flash alert last week that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, ...
- DarkSide ransomware will now vet targets after pipeline cyberattack
May 10, 2021
The DarkSide ransomware gang posted a new “press release” today stating that they are apolitical and will vet all targets before they are attacked. Last week, the ransomware gang encrypted the network for the Colonial Pipeline, the largest fuel pipeline in the United States. Read more… Source: Bleeping Computer Related story: Colonial Pipeline cyberattack shuts down pipeline that supplies ...
- Lemon Duck hacking group adopts Microsoft Exchange Server vulnerabilities in new attacks
May 10, 2021
Researchers have explored the latest activities of the Lemon Duck hacking group, including the leverage of Microsoft Exchange Server vulnerabilities and the use of decoy top-level domains. The active exploit of zero-day Microsoft Exchange Server vulnerabilities in the wild was a security disaster for thousands of organizations. Four critical flaws, dubbed ProxyLogon, impact on-prem Microsoft Exchange Server ...
- NAME:WRECK DNS Bugs: What You Need to Know
May 9, 2021
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name. The ...
- Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast’s fuel
May 8, 2021
Colonial Pipeline, which accounts for 45% of the East Coast’s fuel, said it has shut down its operations due to a cyberattack. The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure. The company delivers refined petroleum products such as gasoline, diesel, jet fuel, home heating oil and fuel for the ...
- Qualcomm chip vulnerability found in millions of Google, Samsung, and LG phones
May 8, 2021
Millions of phones across the globe were affected by a vulnerability found within a ubiquitous Qualcomm chipset, according to researchers with Israeli cybersecurity firm Checkpoint. Check Point’s Slava Makkaveev published a blog post on Thursday highlighting a security flaw in Qualcomm’s Mobile Station Modem Interface “that can be used to control the modem and dynamically patch ...