In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ryuk ransomware operation updates hacking techniques
April 17, 2021
Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet. Furthermore, using targeted phishing emails to deliver the malware continues ...
- NSA: 5 Security Bugs Under Active Nation-State Cyberattack
April 16, 2021
The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. ...
- BazarLoader Malware Abuses Slack, BaseCamp Clouds
April 16, 2021
The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. The BazarLoader downloader, written in C++, has the primary function of downloading and executing ...
- Cyberattack on UK university knocks out online learning, Teams and Zoom
April 16, 2021
The University of Hertfordshire has suffered a devastating cyberattack that knocked out all of its IT systems, including Office 365, Teams and Zoom, local networks, Wi-Fi, email, data storage and VPN. The university reported the hit by attackers on Wednesday, resulting in the cancellation of all online classes on Thursday and Friday. “Shortly before 22:00 on Wednesday ...
- XCSSET Quickly Adapts to macOS 11 and M1-based Macs
April 16, 2021
Last year, Trend Micro reserchers first found XCSSET, which targeted Mac users by infecting Xcode projects. Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign. This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to ...
- Second Google Chrome zero-day exploit dropped on twitter this week
April 14, 2021
A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it. These vulnerabilities pose a ...