Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant

Cybercriminals have been masquerading as sellers of GlobalProtect, virtual private network (VPN) software from Palo Alto Networks, and delivering a new variant of WikiLoader malware via search engine optimization (SEO) poisoning.

WikiLoader, also known as WailingCrab, is a downloader malware first discovered in 2022 by Proofpoint. It is offered in underground marketplaces by initial access brokers, and hackers usually spread the malware using traditional phishing techniques and compromised WordPress sites. The current campaign was initially discovered in June by Palo Alto’s Unit 42 Managed Threat Hunting team, which found that it involves an SEO poisoning technique that positions attacker-controlled webpages advertising the supposed VPN at the top of search engine results. This broadens the scope of potential victims for the threat actors compared to traditional phishing, according to Unit 42.

The campaign has primarily affected the US higher education and transportation sectors, as well as organizations based in Italy.

“While SEO poisoning isn’t a new technique, it continues to be an effective way to deliver a loader to an endpoint,” the researchers wrote in the Unit 42 analysis. “Spoofing trusted security software is likely to assist in bypassing endpoint controls at organizations that rely on filename-based allow listing.”
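The weakness of filename-based allow listing mentioned above, shown as an added example that is not from Unit 42 or the original article: a name-only rule is compared with a SHA-256 pin on two files that share one name. The file name and both file contents are constructed placeholders, and hash pinning is used here as one possible stronger rule.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: stand-ins for a vendor installer and a spoofed copy.
GENUINE_BYTES = b"constructed stand-in for the vendor's installer"
SPOOFED_BYTES = b"constructed stand-in for a look-alike installer"
TRUSTED_NAME = "vpn-client-setup.exe"  # hypothetical file name, not from the article


def sha256_of(path):
    """Hash the file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def allowed_by_name(path, trusted_names):
    """Weak rule: trusts any file whose name is on the list, whatever it contains."""
    return path.name.lower() in trusted_names


def allowed_by_hash(path, trusted_hashes):
    """Stronger rule: trusts only content whose SHA-256 was pinned in advance."""
    return sha256_of(path) in trusted_hashes


def demo():
    """Evaluate both rules against a genuine file and a same-named spoof."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor = Path(tmp, "vendor", TRUSTED_NAME)
        download = Path(tmp, "downloads", TRUSTED_NAME)
        for path, data in ((vendor, GENUINE_BYTES), (download, SPOOFED_BYTES)):
            path.parent.mkdir()
            path.write_bytes(data)
        names = {TRUSTED_NAME}
        hashes = {hashlib.sha256(GENUINE_BYTES).hexdigest()}
        return {
            p.parent.name: (allowed_by_name(p, names), allowed_by_hash(p, hashes))
            for p in (vendor, download)
        }


if __name__ == "__main__":
    for source, (by_name, by_hash) in demo().items():
        print(f"{source}: name rule allows={by_name}, hash rule allows={by_hash}")
```

The spoofed file passes the name rule and fails the hash rule, which is the gap the researchers describe.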

