September 19, 2024

Cybercriminals have been masquerading as sellers of GlobalProtect, virtual private network (VPN) software from Palo Alto Networks, and delivering a new variant of WikiLoader malware via search engine optimization (SEO) poisoning.

WikiLoader, also known as WailingCrab, is a downloader malware first discovered in 2022 by Proofpoint. It is bought in underground marketplaces by initial access brokers, and hackers sometimes spread the malware using traditional phishing techniques and compromised WordPress sites. The current campaign was initially discovered in June by Palo Alto's Unit 42 Managed Threat Hunting team, which found that it involves an SEO poisoning technique that positions attacker-controlled webpages promoting the supposed VPN at the top of search engine results. This broadens the scope of potential victims for the threat actors compared to traditional phishing, according to Unit 42.

The campaign has primarily impacted the US higher education and transportation sectors, as well as organizations based in Italy.

“While SEO poisoning is not a new technique, it continues to be an effective way to deliver a loader to an endpoint,” the researchers wrote in the Unit 42 analysis. “Spoofing trusted security software is likely to assist in bypassing endpoint controls at organizations that rely on filename-based allow listing.”
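The weakness the researchers describe can be shown by comparing a filename-only allow list with one that also checks signer and install directory. This is an added example, not code from Unit 42 or the article; the file name, vendor, paths and events are constructed placeholders, and it assumes the endpoint sensor reports each process's code-signing subject.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcessEvent:
    image_path: str  # full path of the executable that started
    signer: str      # code-signing subject from the sensor ("" if unsigned)


# Constructed allow-list entry: name, signer and directory are placeholders.
TRUSTED = {
    "trustedvpnclient.exe": {
        "signer": "Example Vendor Inc.",
        "install_dir": r"c:\program files\example vendor\vpn",
    }
}


def filename_only_allows(event: ProcessEvent) -> bool:
    """Weak control: trusts anything whose file name is on the list."""
    return PureWindowsPath(event.image_path).name.lower() in TRUSTED


def classify(event: ProcessEvent) -> str:
    """Return 'allow', 'masquerade' or 'unknown' for one process event."""
    path = PureWindowsPath(event.image_path)
    entry = TRUSTED.get(path.name.lower())
    if entry is None:
        return "unknown"  # not a trusted name; other policy decides
    same_dir = str(path.parent).lower() == entry["install_dir"]
    same_signer = event.signer == entry["signer"]
    # A trusted name from the wrong place or signer is a spoofing signal.
    return "allow" if same_dir and same_signer else "masquerade"


# Constructed sample telemetry.
EVENTS = [
    ProcessEvent(r"C:\Program Files\Example Vendor\VPN\TrustedVpnClient.exe",
                 "Example Vendor Inc."),
    ProcessEvent(r"C:\Users\student\Downloads\TrustedVpnClient.exe", ""),
    ProcessEvent(r"C:\Program Files\Example Vendor\VPN\TrustedVpnClient.exe",
                 "Unrelated Signer LLC"),
    ProcessEvent(r"C:\Tools\other.exe", ""),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(filename_only_allows(ev), classify(ev), ev.image_path)
```

The second and third events pass the filename-only check but are flagged once signer and location are part of the decision.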