Cybercriminals Deliver WikiLoader Malware Through Fake VPN Ads: Higher Ed and Transport Sectors Targeted
Cybercriminals are using SEO poisoning to disguise WikiLoader malware as GlobalProtect VPN software. This clever ruse positions their malicious pages at the top of search results, tricking users into downloading malware. The campaign particularly targets the US education and transportation sectors and Italian organizations.
Hot Take:
Just when you thought browsing the internet was safe, cybercriminals decided to make “Googling” your way to malware a thing. Thanks, SEO poisoning, for turning our search engines into a minefield!
Key Points:
- Cybercriminals are posing as sellers of the GlobalProtect VPN software from Palo Alto Networks.
- The attackers are using SEO poisoning to distribute WikiLoader malware.
- WikiLoader, also known as WailingCrab, is a downloader malware first identified in 2022.
- The campaign has largely impacted the US higher education and transportation sectors, and organizations in Italy.
- SEO poisoning helps malware bypass endpoint controls by spoofing trusted security software.
Membership Required
You must be a member to access this content.