The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices.
Nonetheless, threat actors have found out that this mechanism can be repurposed for malicious ends to great effect. In that incident, the attackers were able to deploy and run an advanced VBS script that took advantage of BitLocker for unauthorized file encryption. We spotted this script and its modified versions in Mexico, Indonesia, and Jordan. In the sections below, we analyze in detail the malicious code obtained during our incident response effort and provide tips for mitigating this kind of threat.
Source: Kaspersky
