Threats Affecting Malaysia
View all threats affecting or targeting Malaysia. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
MalaysiaThreats Affecting Malaysia
Click on any threat for detailed analysis and mitigation recommendations
Bleeping Computer | 06/22/2026, 22:42:21 UTC Added: 06/22/2026, 23:09:13 UTC | |
An unknown actor distributes malicious VBS scripts via WhatsApp 0 An active malware campaign has been discovered distributing malicious VBScript files through WhatsApp direct messages since June 2026. The operation affects users across multiple countries, with Malaysia experiencing the highest concentration of victims. Attackers compromise WhatsApp accounts and send weaponized VBS files disguised as business and financial documents to contacts. The multi-stage infection chain ultimately deploys legitimate ManageEngine Endpoint Central RMM software, providing persistent remote access to compromised systems. The scripts employ heavy obfuscation, Chinese-language comments, and modify Windows UAC settings. Infrastructure overlaps with ValleyRAT and Gh0st RAT operations suggest possible Chinese-speaking operators, though attribution remains uncertain. The campaign primarily targets individual users through opportunistic rather than focused methods, exploiting social engineering techniques with localized filenames in multiple languages. Join the discussion | AlienVault OTX General | 06/22/2026, 11:01:01 UTC Added: 06/22/2026, 20:24:23 UTC |
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware 0 AryStinger is a malware family that hijacks over 4,300 outdated routers built on Realtek RTL819X chips, primarily D-Link DIR-850L devices, to create a stealthy reconnaissance and intrusion support network. It exploits old vulnerabilities disclosed in 2013 and 2016 to install a lightweight Linux binary that performs distributed scanning and information gathering without typical malicious activities like file encryption or cryptocurrency mining. A second, more capable Go-based build targets NAS devices via a 2025 code injection vulnerability. The malware communicates with its command and control infrastructure using obfuscated protocols and establishes persistence via Dropbear SSH. The infected routers act as Executors that perform parallel scanning tasks, enabling efficient network footprinting. The infection is concentrated mainly in South Korea and China but also affects other countries. The malware's low detection rate and use of legacy hardware with no firmware updates pose ongoing risks to privacy, enterprise security, and national infrastructure. Join the discussion | Reddit Cybersecurity | 06/22/2026, 09:34:31 UTC Added: 06/22/2026, 10:24:04 UTC |
AryStinger botnet infected thousands of D-Link routers worldwide 0 A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...] Join the discussion | Bleeping Computer | 06/21/2026, 14:14:22 UTC Added: 06/21/2026, 16:49:45 UTC |
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign 0 Cybercriminals orchestrated a sophisticated malvertising operation leveraging Google Ads to impersonate popular AI developer tools including Claude AI, ChatGPT Codex, Perplexity, Cursor IDE, and JetBrains. Over seven weeks spanning April to June 2026, attackers deployed 106 unique malicious hostnames across six distinct waves, initially hosting ClickFix social engineering pages on GitLab infrastructure before pivoting to weaponize claude.ai's legitimate shared chat feature. The campaign targeted technically proficient users searching for AI development tools, tricking them into executing terminal commands that deployed the MacSync infostealer. This credential-harvesting malware collected browser data, SSH keys, and cryptocurrency wallets. The Asia-Pacific region sustained the heaviest impact with 67.2% of over 2,000 victims, particularly concentrated in Taiwan. Anthropic responded by banning malicious accounts and implementing additional abuse mitigations. MediumMalware Join the discussion British Indian Ocean Territory France Hong Kong+6#gitlab pages abuse#macsync#ai impersonation | AlienVault OTX General | 06/18/2026, 10:09:50 UTC Added: 06/18/2026, 20:20:24 UTC |
TA4922: The Suspected Chinese Crime Group is Going Global 0 TA4922 is a highly sophisticated Chinese-speaking threat actor demonstrating rapid operational tempo and continually evolving malware capabilities. Initially targeting East Asia, particularly Japan, the group has expanded globally to Europe and Africa. The actor deploys multiple malware families including Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT (Winos4.0), alongside legitimate remote management tools like AnyDesk and SyncFuture. Campaigns use localized lures themed around HR, payroll, tax, and invoicing, targeting hundreds to thousands of recipients per campaign. TA4922 conducts credential phishing, fraud operations including credit card theft, and attempts to shift communications to out-of-band channels like LINE, WhatsApp, and Microsoft Teams. The group leverages legitimate cloud hosting services and trusted software for delivery and persistence, combining advanced tradecraft with financially motivated objectives such as data theft, fraud, access resale, and persistent remote access. Join the discussion | AlienVault OTX General | 06/03/2026, 12:55:39 UTC Added: 06/04/2026, 08:33:36 UTC |
Showing 1 to 6 of 6 results