Ukraine hit by SmokeLoader malware, CERT-UA warns
The Computer Emergency Response Team of Ukraine (CERT-UA) explained that the SmokeLoader malware is being distributed as part of an ongoing phishing campaign.
According to a notice by CERT-UA, the emails are sent using compromised accounts and come with a zip file which is actually a polyglot file containing a bait document and a JavaScript file. An executable file, which paves the way for the execution of the SmokeLoader malware, is then launched using the JavaScript code.
CERT-UA attributed this activity to a threat actor identified as UAC-0006, describing this as a financially motivated operation designed to steal login credentials and make fraudulent money transfers.
SmokeLoader was first discovered in 2011. It is a loader whose main purpose is to download or load a more stealthy or effective malware onto infected systems.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.