Cybercriminals behind a campaign dubbed DEAD#VAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents.
Open the wrong “invoice” or “purchase order” and you won’t see a document at all. Instead, Windows mounts a virtual drive that quietly installs AsyncRAT, a backdoor Trojan that allows attackers to remotely monitor and control your computer. It’s a remote access tool, which means attackers gain remote hands‑on‑keyboard control, while traditional file‑based defenses see almost nothing suspicious on disk.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime
June 11, 2026
The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, ...
- Oracle warns of security bug that hackers abused to breach 100+ companies
June 11, 2026
Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign. The company published the security advisory on Thursday after the hacking group ShinyHunters ...
- Data of 2.4 million VRChat users stolen
June 11, 2026
VRChat, Inc. has filed a data breach notice revealing that the information of more than 2.4 million users was involved in a data breach. According to the notice, VRChat experienced unauthorized access to some account data between May 10 and May 12, 2026. The access happened in VRChat’s cloud environment and involved user profile and login-related data. Read more… Source: ...
- Free Spotify Premium hacks on social media are spreading infostealers
June 10, 2026
Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but ...
- France probes compromise of gov messaging platform after account hijack
June 9, 2026
French officials are investigating a compromise of the government’s encrypted messaging service Tchap after attackers hijacked an account and gained access to public chat rooms. The incident came to light on June 7 when France’s National Cybersecurity Agency (ANSSI) detected suspicious activity on Tchap, the government’s homegrown messaging service used across ministries and public sector organizations. The French ...
- CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
June 9, 2026
A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday. Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as ...