Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant

Published : 23/11/2024   Category : security




The malware, first discovered two years ago, has returned in campaigns using SEO poisoning.



Cybercriminals have been masquerading as sellers of GlobalProtect, virtual private network (VPN) software from Palo Alto Networks, and delivering a new variant of WikiLoader malware through search engine optimization (SEO) poisoning.
WikiLoader, also known as WailingCrab, is a downloader malware first discovered in 2022 by Proofpoint. It's sold in underground marketplaces by initial access brokers, and hackers typically spread the malware using traditional phishing techniques and compromised WordPress sites. The current campaign was initially discovered by Palo Alto's Unit 42 Managed Threat Hunting team in June, which found that it involves an SEO poisoning technique that positions attacker-controlled webpages advertising the supposed VPN at the top of search engine results. This broadens the scope of potential victims for the threat actors compared to traditional phishing, according to Unit 42.
The campaign has primarily impacted the US higher education and transportation sectors, as well as organizations based in Italy.
"While SEO poisoning is not a new technique, it continues to be an effective way to deliver a loader to an endpoint," the researchers wrote in the Unit 42 analysis. "Spoofing trusted security software is likely to assist in bypassing endpoint controls at organizations that rely on filename based allow listing."
