The authors of the malware load a new Wi-Fi scanning malware called Whiffy Recon onto compromised Windows machines.
This new strain of malware uses Google’s location service to re-direct its victims to the adversary.
The company describes the malware in terms of what it can do: SmokeLoader, as the name implies, is a loader malware whose sole purpose is to drop additional payloads onto a host.
It works by checking for the WLAN AutoConfig service on an infected system and terminating itself if the service name doesn’t exist.
The second phase of the attack involves scanning for wireless access points via the Windows WLAN API every 60 seconds.
According to the threat team, this vulnerability enables attackers to discover and execute additional malicious payloads on a host.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply