"New Whiffy Recon Malware Uses Wi-Fi to Triangulate Your Location"
Cybercriminals responsible for the Smoke Loader botnet are using new malware called Whiffy Recon to triangulate the location of infected devices through Wi-Fi scanning and Google's geolocation Application Programming Interface (API). Google's geolocation API accepts HTTPS requests with Wi-Fi access point information and returns latitude and longitude coordinates to locate devices that do not have GPS. Smoke Loader is a modular malware dropper that has been active for several years. It is mainly used in the initial phases of a compromise to deliver new payloads. In the case of Whiffy Recon, knowing the victim's location could allow for more targeted attacks in specific regions or help intimidate victims by demonstrating tracking ability. This article continues to discuss findings regarding the Whiffy Recon malware.
Bleeping Computer reports "New Whiffy Recon Malware Uses Wi-Fi to Triangulate Your Location"