In June 2026, Kaspersky observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active.
Analysis shows that the campaign primarily targets users of WhatsApp Desktop and WhatsApp Web. The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Naikon’s Aria
May 8, 2020
Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. To supplement their research findings, we are summarizing and publishing portions of the findings reported in our June 2018 “Naikon’s New AR Backdoor Deployment to Southeast Asia”. This ...
- SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes
May 7, 2020
Focusing on one of the most active subsets of the global threat landscape, Palo Alto Networks Unit 42 tracks Nigerian cyber criminals involved in Business Email Compromise (BEC) activities under the name SilverTerrier. Over the past 90 days (Jan. 30 – Apr. 30), we have observed three SilverTerrier actors/groups launch a series of 10 COVID-19 themed ...
- Targeted Ransomware Attack Hits Taiwanese Organizations
May 6, 2020
A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to target databases and email servers for encryption. The information we gathered indicates that this attack started hitting organizations in early May. Analysis of the malware points ...
- Coinminer, DDoS Bot Attack Docker Daemon Ports
May 6, 2020
Researchers found an open directory containing malicious files, which was first reported in a series of Twitter posts by MalwareHunterTeam. Analyzing some of the files, we found a malicious cryptocurrency miner and Distributed Denial of Service (DDoS) bot that targets open Docker daemon ports. The attack starts with the shell script named mxutzh.sh, which scans for open ports (2375, ...
- DDoS attacks in Q1 2020
May 6, 2020
Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of medical organizations, ...
- Excel Files with Hidden Sheets Target Users in Italy
May 5, 2020
A spam campaign using emails that have Excel file (.xls) attachments (detected by Trend Micro as Trojan.XF.HIDDBOOK.THDBHBO) has been seen circulating and targeting users in Italy and some users in Germany and other countries. The attachment appears blank when opened, but it has a sheet set to “hidden” that attempts to connect to a URL and download a ...