"New Malware WikiLoader Targeting Italian Organizations"
Researchers are warning about a malware downloader spoofing Italian organizations in order to deliver a banking Trojan to Italian companies. The downloader, dubbed WikiLoader by Proofpoint researchers, uses multiple methods to avoid detection. The financially-motivated threat actor, tracked as TA544, likely developed WikiLoader to rent it out to "select cybercriminal threat actors." The loader leads to the Ursnif banking Trojan, one of TA544's two preferred Trojans. Researchers named the downloader WikiLoader because the malware makes a request to Wikipedia and verifies that the response contains the string "The Free." Since December 2022, Proofpoint has observed at least eight campaigns distributing WikiLoader. This article continues to discuss findings regarding WikiLoader.
BankInfoSecurity reports "New Malware WikiLoader Targeting Italian Organizations"