Ukraine hit by SmokeLoader malware, CERT-UA warns

The Computer Emergency Response Team of Ukraine (CERT-UA) explained that the SmokeLoader malware is being distributed as part of an ongoing phishing campaign.

According to a notice by CERT-UA, the emails are sent from compromised accounts and carry a ZIP attachment that is in fact a polyglot file containing a bait document and a JavaScript file. The JavaScript code then launches an executable, which in turn leads to the execution of the SmokeLoader malware.
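A triage check a defender might run over attachments of the kind described above, added here as an example and not part of CERT-UA's notice: it measures how much non-ZIP data precedes the archive (the polyglot indicator) and flags a script member bundled with a decoy document. The sample archive, its member names and the prefix bytes are constructed for the demonstration.

```python
import io
import os
import struct
import zipfile

# Member extensions that mark a script payload, and ones that look like a bait document
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".cmd", ".bat", ".ps1"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
# Constructed stand-in for whatever other format the polyglot presents as
SAMPLE_PREFIX = b"CONSTRUCTED-NON-ZIP-HEADER\n" * 4

def zip_leading_bytes(data: bytes) -> int:
    """Bytes that precede the real ZIP structure; a positive value means the
    archive is wrapped inside another file format (polyglot indicator)."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record: not a ZIP archive")
    size_cd, offset_cd = struct.unpack_from("<II", data, eocd + 12)
    # In a plain archive the central directory ends exactly at the EOCD;
    # any surplus is data that was prepended to the archive (what zipfile calls concat).
    return eocd - size_cd - offset_cd

def triage_attachment(data: bytes) -> dict:
    """Flag the combination the CERT-UA notice describes: an archive hidden
    behind another format, carrying a script next to a decoy document."""
    leading = zip_leading_bytes(data)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    scripts = [n for n in names if os.path.splitext(n)[1].lower() in SCRIPT_EXTS]
    docs = [n for n in names if os.path.splitext(n)[1].lower() in DOC_EXTS]
    reasons = []
    if leading > 0:
        reasons.append(f"{leading} bytes of non-ZIP data precede the archive")
    if scripts:
        reasons.append("script member(s): " + ", ".join(scripts))
    if scripts and docs:
        reasons.append("script bundled with a decoy document")
    return {"leading_bytes": leading, "members": names,
            "reasons": reasons, "suspicious": bool(reasons)}

def build_sample(prefix: bytes = SAMPLE_PREFIX) -> bytes:
    """Constructed archive: decoy document plus .js member, both inert text,
    prepended with a non-ZIP header so the same bytes double as another type."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n% constructed decoy, not a real document\n")
        zf.writestr("invoice.js", b"// constructed placeholder with no behaviour\n")
    return prefix + buf.getvalue()
```

Python's zipfile opens archives with prepended data transparently, so the leading-byte count is the signal a gateway would otherwise miss.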

CERT-UA attributed this activity to a threat actor identified as UAC-0006, describing this as a financially motivated operation designed to steal login credentials and make fraudulent money transfers.

SmokeLoader was first discovered in 2011. It is a loader whose main purpose is to download or load more stealthy or effective malware onto infected systems.