Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant

September 3, 2024 at 02:43PM

Cybercriminals are posing as sellers of GlobalProtect VPN software from Palo Alto Networks and spreading a new variant of WikiLoader malware through SEO poisoning. The malware, also known as WailingCrab, is traditionally spread through phishing and compromised websites. This campaign, discovered by Palo Alto’s Unit 42 team, has targeted the US higher education and transportation sectors, as well as Italian organizations.

The key takeaways are:

1. Cybercriminals are posing as sellers of GlobalProtect, a virtual private network (VPN) software from Palo Alto Networks, and distributing a new variant of WikiLoader malware through search engine optimization (SEO) poisoning.
2. The WikiLoader malware, also known as WailingCrab, was first identified in 2022 by Proofpoint and is typically distributed through underground marketplaces and compromised WordPress sites using traditional phishing techniques.
3. The current campaign utilizing SEO poisoning was detected by Palo Alto’s Unit 42 Managed Threat Hunting team, and it involves positioning attacker-controlled webpages advertising the supposed VPN at the top of search engine results.
4. The campaign has primarily impacted the US higher education and transportation sectors, as well as organizations based in Italy.
5. The use of SEO poisoning to distribute the malware is highlighted as an effective way to bypass endpoint controls by spoofing trusted security software, broadening the scope of potential victims compared to traditional phishing.
