Malware, Threat Intelligence
Novel WikiLoader malware examined
Share
Italian organizations have been targeted by the TA544 and TA551 threat operations in phishing campaigns deploying the novel sophisticated downloader malware WikiLoader since December, reports The Record, a news site by cybersecurity firm Recorded Future.
Malicious Microsoft Excel attachments masquerading to be from an Italian courier service have been leveraged by attackers in a February campaign to facilitate WikiLoader installation that then prompts the distribution of the Ursnif malware, according to a Proofpoint report.
WikiLoader was noted to have the ability to send requests to Wikipedia in an effort to determine the presence of the "The Free" string, which may be used by the malware for public internet connection verification, noted researchers. The findings also noted that WikiLoader has at least three different versions, suggesting active development and the potential for facilitating the delivery of other payloads.
"This malware is in rapid development, and the threat actors are attempting to make the loader more complicated, and the payload more difficult to retrieve," said researchers.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds