Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
First reported
Last updated
Happening score
H score 43
1 unique sources, 1 articles

Summary

Hide ▲

An ongoing phishing campaign is using compromised WhatsApp accounts to send obfuscated VBScript files to users in multiple countries, creating a path to remote system access on Windows PCs. The messages masquerade as business and financial documents to push recipients into opening the attachments. The infection flow then drops additional scripts, weakens defenses, and installs ManageEngine Endpoint Central under attacker control.

Related Happenings

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
H score20 First: 08.05.2026 21:12 Last: 08.05.2026 21:12 Sources 1

About this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...

Open Happening

TCLBanker self-spreading banking trojan

Malware Activity
H score31 First: 08.05.2026 01:06 Last: 08.05.2026 01:06 Sources 1

About this happening: The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...

Open Happening

JanelaRAT malware activity targeting Latin American banks

Malware Activity
H score29 First: 13.04.2026 20:15 Last: 13.04.2026 20:15 Sources 1

About this happening: **JanelaRAT** continues targeting **Latin American banks and financial institutions**, with telemetry showing **14,739 attacks in Brazil** in **2025** and **11,695 in Mexico**, ra...

Open Happening

NCSC alert on messaging-app targeting of high-risk individuals

Public Sector Action
H score30 First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...

Open Happening

Augmented Marauder / Water Saci multi-pronged phishing campaign targeting Latin America and Europe

Campaign
H score38 First: 01.04.2026 15:36 Last: 01.04.2026 15:36 Sources 1

About this happening: **Water Saci** is actively evolving a **WhatsApp Web worm** in **Brazil** that uses **HTA** and **PDF** lures to deliver a **banking trojan**. The latest wave shifts from **PowerS...

Open Happening

Timeline

  1. 23.06.2026 01:42 2 articles · 1h ago

    WhatsApp VBScript phishing campaign targets users across multiple countries

    Initial Disclosure

    Kaspersky describes an ongoing malware campaign that targets WhatsApp users in multiple countries with deceptive messages carrying heavily obfuscated VBS and VBScript files. The messages are sent from compromised WhatsApp accounts to contacts on the victims’ contact lists, use localized business and financial document lures, and can lead on Windows to additional script downloads, UAC protection changes, and installation of ManageEngine Endpoint Central for attacker-controlled remote administration.

    Show sources
    Open in new tab