New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

Cybersecurity researchers on Wednesday took the wraps off a “simple yet remarkable” malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East.

Codenamed “Wslink” by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are no specifics available on the initial compromise vector and there are no code or operational overlaps that tie this tool to a known threat actor group.

The Slovak cybersecurity firm noted that it has seen only a handful of detections in the past two years, suggesting that it could be used in highly-targeted cyber infiltrations.

Wslink is designed to run as a service and can accept encrypted portable executable (PE) files from a specific IP address, which are then decrypted and loaded into memory prior to execution. To achieve this, the client (i.e., the victim) and the server perform a handshake that involves the exchange of the cryptographic keys needed to encrypt the modules with AES.
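Because the modules arrive encrypted and are executed from memory, the decrypted PE image exists only inside the loader's process. For an incident responder holding a memory dump of a suspect service process, the practical check is to locate valid PE headers in that dump. The scanner below is an added example written for this article; it is not ESET's code and not derived from Wslink. It builds a minimal, constructed PE image (DOS header, PE signature, COFF file header; no real code) so that it runs offline, and the dump it scans is likewise constructed.

```python
import struct

# IMAGE_FILE_CHARACTERISTICS flags from the PE/COFF specification.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000

# Sanity bound for e_lfanew: real images keep the PE header close to the start.
MAX_E_LFANEW = 0x1000
COFF_HEADER_FMT = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp,
COFF_HEADER_LEN = struct.calcsize(COFF_HEADER_FMT)  # PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics


def parse_pe(buf: bytes, offset: int = 0):
    """Validate a PE header at `offset` and return its key fields, or None."""
    # DOS header: "MZ" magic and the e_lfanew pointer at 0x3C.
    if buf[offset:offset + 2] != b"MZ" or len(buf) < offset + 0x40:
        return None
    (e_lfanew,) = struct.unpack_from("<I", buf, offset + 0x3C)
    if e_lfanew < 0x40 or e_lfanew > MAX_E_LFANEW:
        return None
    pe_off = offset + e_lfanew
    # PE signature followed by the 20-byte COFF file header.
    if buf[pe_off:pe_off + 4] != b"PE\0\0" or len(buf) < pe_off + 4 + COFF_HEADER_LEN:
        return None
    machine, nsections, _ts, _symtab, _nsyms, opt_len, chars = struct.unpack_from(
        COFF_HEADER_FMT, buf, pe_off + 4
    )
    # An image with no sections or no optional header is not a loadable module.
    if nsections == 0 or opt_len == 0:
        return None
    return {
        "offset": offset,
        "machine": machine,
        "sections": nsections,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def find_pe_images(blob: bytes):
    """Scan a memory dump for every offset that carries a valid PE header."""
    found = []
    pos = blob.find(b"MZ")
    while pos != -1:
        info = parse_pe(blob, pos)
        if info is not None:
            found.append(info)
        pos = blob.find(b"MZ", pos + 1)
    return found


def build_fake_pe(machine=0x8664, characteristics=IMAGE_FILE_EXECUTABLE_IMAGE, e_lfanew=0x40):
    """Constructed minimal PE header for testing; carries no code or sections."""
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack(COFF_HEADER_FMT, machine, 1, 0, 0, 0, 0xF0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed "memory dump": padding, an x64 EXE header, a stray "MZ" that is
# not a PE, then an x86 DLL header.
SAMPLE_DUMP = (
    b"\x00" * 17
    + build_fake_pe()
    + b"MZ garbage"
    + build_fake_pe(machine=0x14C, characteristics=IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL)
)

if __name__ == "__main__":
    for img in find_pe_images(SAMPLE_DUMP):
        kind = "DLL" if img["is_dll"] else "EXE"
        print(f"PE {kind} machine=0x{img['machine']:04x} at offset {img['offset']}")
```

Run against a real process dump (for example, output of a minidump or a raw region dump) the same `find_pe_images` call lists every mapped image header, which can then be compared against the modules the OS loader knows about; an image present in memory but absent from the loaded-module list is exactly the artifact an in-memory loader leaves behind.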

“Interestingly, the modules reuse the loader’s functions for communication, keys and sockets; hence they do not have to initiate new outbound connections,” ESET researcher Vladislav Hrčka said. “Wslink additionally features a well-developed cryptographic protocol to protect the exchanged data.”

The findings come as researchers from Zscaler and Cisco Talos disclosed yet another malware loader called SQUIRRELWAFFLE that’s distributed via spam email campaigns to deploy Qakbot and Cobalt Strike on compromised systems.
