A sophisticated malware campaign leveraging SmokeLoader has been identified targeting the First Ukrainian International Bank. Attackers are using weaponized 7z archives as the initial attack vector, leading to the deployment of infostealer malware through a complex infection chain. G Data Software security researchers identified that the infection begins with a deceptive email containing a 7z archive named ‘Платіжна_інструкция.7z’ (Payment_instruction).

The attack employs a stealthy malware loader known as Emmenhtal, active since early 2024. This loader serves as the distribution mechanism for infostealers including CryptBot and Lumma, with the current campaign specifically chaining it with SmokeLoader malware. The attack leverages a modified version of Windows’ built-in DCCW.exe (Display Color Calibration Wizard), exemplifying a LOLBAS technique that minimizes the detection footprint. Once executed, SmokeLoader exhibits modular capabilities including credential theft from browsers, remote command execution from its C2 server, and process injection techniques for evading detection and analysis.

The presence of this campaign highlights the continued evolution of financially motivated threat actors who leverage increasingly sophisticated techniques to deliver their malicious payloads while evading security controls. Organizations should implement robust endpoint security, EDR solutions, and network monitoring to detect such LOLBAS techniques.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 12:20:33 +0000