New WikiLoader Malware Attack Utilizing Fake GlobalProtect VPN Software - Velox Systems

A new WikiLoader campaign spoofs Palo Alto Networks’ GlobalProtect VPN software to deliver a variant of the WikiLoader loader through search engine optimization (SEO) poisoning. First observed in June 2024, the campaign marks a shift from traditional phishing emails to SEO poisoning. In April, South Korean cybersecurity firm AhnLab reported a similar attack that distributes malware via a trojanized Notepad++ plugin. “Attackers often use SEO poisoning as an initial access vector, tricking users into visiting pages that spoof legitimate search results to deliver malware,” explained Unit 42 researchers Mark Lim and Tom Marsden.

Malware Attack Utilizing Fake Software

The attack begins when users search for GlobalProtect software and are shown malicious Google ads. Clicking one of these ads redirects them to a fake GlobalProtect download page, where the infection starts. To appear more legitimate, a fake error message is displayed, claiming that certain libraries are missing from the system. The attackers further disguise their malware by using renamed versions of legitimate software to sideload it. The disclosure of this attack method comes shortly after Trend Micro uncovered a similar campaign targeting users in the Middle East with fake GlobalProtect VPN software.
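
One way to hunt for the renamed legitimate binaries described above, shown as an added example that is not part of the original article or of the Unit 42 research. It assumes process-creation events exported from Sysmon (Event ID 1), which record both the on-disk path (`Image`) and the name compiled into the executable (`OriginalFileName`); the events, users and file names below are constructed.

```python
import ntpath

# Directories a standard user can write to; a downloaded archive usually unpacks here.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")

def _norm(name):
    """Lower-case a file name and drop a trailing .mui resource suffix."""
    name = (name or "").strip().lower()
    return name[:-4] if name.endswith(".mui") else name

def is_renamed(event):
    """True when the on-disk name differs from the name compiled into the PE."""
    original = _norm(event.get("OriginalFileName"))
    if original in ("", "-"):  # empty or "-" is treated as: no version info to compare
        return False
    return _norm(ntpath.basename(event.get("Image", ""))) != original

def find_renamed_binaries(events):
    """Return process-creation events for renamed binaries run from user-writable paths."""
    hits = []
    for ev in events:
        path = ev.get("Image", "").lower()
        if is_renamed(ev) and any(d in path for d in USER_WRITABLE):
            hits.append(ev)
    return hits

# Constructed sample events (hypothetical users and file names, not real indicators).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\vpn-setup\VpnInstaller.exe",
     "OriginalFileName": "TradingApp.exe"},                       # renamed, user path
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE"},                          # same name, case differs
    {"Image": r"C:\Users\bob\AppData\Local\Temp\tool.exe",
     "OriginalFileName": "-"},                                    # no version info
    {"Image": r"C:\Users\bob\Downloads\7z.exe",
     "OriginalFileName": "7z.exe"},                               # unrenamed download
    {"Image": r"C:\Program Files\Vendor\renamed.exe",
     "OriginalFileName": "agent.exe"},                            # renamed, admin-only path
]

if __name__ == "__main__":
    for hit in find_renamed_binaries(SAMPLE_EVENTS):
        print(f"renamed binary: {hit['Image']} (compiled as {hit['OriginalFileName']})")
```

A name mismatch alone is noisy, since some installers legitimately rename their payloads, so treat hits as leads to correlate with a recent browser download and an unexpected "missing library" prompt on the same host.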

Novel Attack Methods and How to Protect Against Them

Attackers are using fake software to gain entry to organizations, and novel attack methods are prevalent. Cybersecurity experts must therefore stay not only vigilant but continually educated, so they can keep their clients safe and informed about new entry methods.

Velox Systems prides itself on staying up to date on attacks like these, the new methods malicious actors use to gain entry, and how to keep you and your organization safe. Let’s start the discussion today on how you can stay protected from attacks like these 24/7 while keeping your productivity high.

Let’s talk and get you defended against an attack, rather than picking up the pieces after a breach!