Malware & Ransomware | HIGH

WhatsApp Malware Campaign - New VBS Scripts Exploit Users

Cyber Security News
Tags: WhatsApp, VBS, malware campaign, MSI backdoors, Microsoft Defender

Basically, hackers are using WhatsApp to send harmful files that can secretly take over your computer.

Quick Summary

A new malware campaign is exploiting WhatsApp to deliver harmful VBS files to Windows users. This stealthy attack can compromise systems without alerting victims. Stay informed and learn how to protect yourself from these threats.

What Happened

A new malware campaign has emerged, leveraging WhatsApp to deliver malicious files directly to Windows users. This attack exploits the trust users place in familiar messaging apps, making it easier for hackers to execute their plans. The campaign employs Visual Basic Script (VBS) files sent through WhatsApp messages, which users often overlook as potential threats.

How It Works

Once a user executes a malicious VBS file, the infection process begins silently. The script creates hidden folders in the system, dropping renamed legitimate Windows tools such as curl.exe and bitsadmin.exe. These tools are disguised to look like standard system files, allowing the malware to blend in with normal operations. The attackers then use these tools to download additional malicious payloads from trusted cloud services like AWS S3 and Backblaze B2.

Who's Being Targeted

This campaign primarily targets Windows users who frequently use WhatsApp. By sending files through a trusted platform, attackers can bypass initial suspicions that users might have about unsolicited attachments. The stealthy nature of the attack makes it particularly dangerous, as it can compromise systems without raising alarms.

Signs of Infection

Users may notice unusual behavior on their systems, such as:

  • Hidden folders in C:\ProgramData
  • Renamed system files that appear suspicious
  • Unexpected prompts requesting elevated privileges

How to Protect Yourself

To safeguard against this attack, consider the following measures:

  • Do not open unexpected attachments from WhatsApp, even from known contacts.
  • Block script hosts like wscript and cscript from untrusted paths.
  • Monitor traffic to cloud platforms frequently used by attackers.
  • Enable Endpoint Detection and Response (EDR) in block mode to catch malicious artifacts.
  • Educate users on the risks of opening files from messaging apps.
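
The following Python is an added example, not code from the article. It applies two checks to process-creation events: curl.exe or bitsadmin.exe running under a different file name, and wscript/cscript running a .vbs from outside trusted roots. The field names follow Sysmon Event ID 1 (Image, OriginalFileName, CommandLine); the sample events, paths, and trusted-root list are constructed assumptions.

```python
import ntpath
import re

# OriginalFileName values (from the PE version resource) of the tools the
# article says are dropped under new names.
WATCHED_TOOLS = {"curl.exe", "bitsadmin.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: scripts are only expected to run from these roots.
TRUSTED_SCRIPT_ROOTS = ("c:\\windows\\", "c:\\program files\\")
VBS_ARG = re.compile(r'"([^"]+\.vbs)"|(\S+\.vbs)', re.IGNORECASE)

def classify(event):
    """Return findings for one process-creation event (Sysmon-style fields)."""
    findings = []
    image = event["Image"].lower()
    name = ntpath.basename(image)
    original = event.get("OriginalFileName", "").lower()
    # Rule 1: watched tool whose on-disk name differs from its embedded name.
    if original in WATCHED_TOOLS and name != original:
        place = "ProgramData" if image.startswith("c:\\programdata\\") else "other path"
        findings.append(f"renamed {original} as {name} in {place}")
    # Rule 2: script host running a .vbs from outside the trusted roots.
    if original in SCRIPT_HOSTS or name in SCRIPT_HOSTS:
        for quoted, bare in VBS_ARG.findall(event.get("CommandLine", "")):
            script = (quoted or bare).lower()
            if not script.startswith(TRUSTED_SCRIPT_ROOTS):
                findings.append(f"script host ran {ntpath.basename(script)} from untrusted path")
    return findings

# Constructed sample events; paths and names are illustrative only.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\curl.exe", "OriginalFileName": "curl.exe",
     "CommandLine": "curl.exe --version"},
    {"Image": r"C:\ProgramData\ExampleDir\svchelper.exe", "OriginalFileName": "curl.exe",
     "CommandLine": "svchelper.exe --version"},
    {"Image": r"C:\ProgramData\ExampleDir\updater.exe", "OriginalFileName": "bitsadmin.exe",
     "CommandLine": "updater.exe /list"},
    {"Image": r"C:\Windows\System32\wscript.exe", "OriginalFileName": "wscript.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\document.vbs"'},
]

def scan(events):
    """Map event index -> findings, keeping only events that matched a rule."""
    return {i: f for i, e in enumerate(events) if (f := classify(e))}

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS).items():
        print(index, findings)
```

Matching on OriginalFileName rather than the on-disk name is what lets the first rule survive a rename; a binary whose version resource has been stripped or altered would not be caught by it.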

Conclusion

This malware campaign highlights the evolving tactics of cybercriminals. By exploiting widely used platforms like WhatsApp, attackers can effectively deliver malicious payloads. Users must remain vigilant and adopt proactive security measures to protect their systems from such threats.

Pro insight: The use of trusted cloud services for payload delivery signifies a shift in tactics; expect more sophisticated social engineering attacks in the future.

Original article from Cyber Security News · Tushar Subhra Dutta
