SmokeLoader Malware Using Weaponized 7z Archive to Distribute Infostealers

The presence of this campaign highlights the continued evolution of financially motivated threat actors who leverage increasingly sophisticated techniques to deliver their malicious payloads while evading security controls. Once executed, SmokeLoader exhibits modular capabilities including credential theft from browsers, remote command execution from its C2 server, and process injection techniques for evading detection and analysis. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. G Data Software security researchers identified that the infection begins with a deceptive email containing a 7z archive named ‘Платіжна_інструкция.7z’ (Payment_instruction). Attackers are using weaponized 7z archives as the initial attack vector, leading to the deployment of infostealer malware through a complex infection chain. This loader serves as the distribution mechanism for infostealers including CryptBot and Lumma, with the current campaign specifically chaining it with SmokeLoader malware. Critical vulnerabilities in Google's Quick Share file transfer utility for Windows allowed attackers to achieve remote code execution (RCE) without user interaction. A sophisticated malware campaign leveraging SmokeLoader has been identified targeting the First Ukrainian International Bank. The attack leverages a modified version of Windows’ built-in DCCW.exe (Display Color Calibration Wizard), exemplifying a LOLBAS technique that minimizes detection footprint. Organizations should implement robust endpoint security, EDR solutions, and network monitoring to detect such LOLBAS techniques. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The attack employs a stealthy malware loader known as Emmenhtal, active since early 2024.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 12:20:33 +0000


Cyber News related to SmokeLoader Malware Using Weaponized 7z Archive to Distribute Infostealers

SmokeLoader Malware Using Weaponized 7z Archive to Distribute Infostealers - The presence of this campaign highlights the continued evolution of financially motivated threat actors who leverage increasingly sophisticated techniques to deliver their malicious payloads while evading security controls. Once executed, SmokeLoader ...
1 month ago Cybersecuritynews.com
Ukraine cyber officials warn of a 'surge' in Smokeloader attacks on financial, government entities - Suspected Russian cybercriminals have increased their attacks against Ukrainian financial and government organizations using Smokeloader malware, according to Ukrainian cybersecurity officials. Since May of this year, the malware operators have ...
1 year ago Therecord.media
Why Infostealers are Stealing the Security Spotlight - The threat from Malware continues to escalate with infostealers, an increasingly popular variant. Research found that 24% of malware is now infostealers, and it's now one of the most popular topics on the cybercriminal underground. The malicious ...
1 year ago Cybersecurity-insiders.com
Alleged SmokeLoader malware operator facing federal charges in Vermont | The Record from Recorded Future News - Last week, officials from Europol announced follow-up actions to a massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Bumblebee and SmokeLoader. From at ...
1 month ago Therecord.media
Authorities Seized Smokeloader Malware Operators & Seized Servers - According to Europol, the suspects were identified through a critical database seized during the initial phase of Operation Endgame in May 2024, which contained user records linking online identities to real-world individuals. Law enforcement ...
1 month ago Cybersecuritynews.com
Police detains Smokeloader malware customers, seizes servers - A database seized during Operation Endgame included customers registered for Smokeloader botnet services, allowing officers to track down cybercriminals by linking their online aliases to real-life individuals. In follow-up activity for Operation ...
1 month ago Bleepingcomputer.com
Multi-Malware 'Cluster Bomb' Campaign Drops Widespread Cyber Havoc - The attacker's approach essentially involves using compressed Microsoft Cabinet files nested within other compressed CAB files - sometimes as many as seven - to distribute a variety of information stealers and malware loaders on victim systems. ...
11 months ago Darkreading.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
11 months ago Pandasecurity.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com
Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
3 months ago Cybersecuritynews.com
Agenda Ransomware Group Upgraded Their Arsenal With SmokeLoader and NETXLOADER - The attack chain begins with NETXLOADER, progresses through SmokeLoader, and culminates with the deployment of Agenda ransomware, creating a multi-stage infection process that maximizes stealth while ensuring effective payload delivery and execution. ...
3 weeks ago Cybersecuritynews.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com