New Unfurling Hemlock threat actor floods systems with malware
Security News, June 2024
A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.
Security researchers describe the infection method as a "Malware cluster bomb" that allows the threat actor to use one malware sample that spreads additional ones on the compromised machine.
The attacks begin with the execution of a file named 'WEXTRACT.EXE' that arrives on target devices either via malicious emails or malware loaders that Unfurling Hemlock has access to by contracting their operators.
KrakenLabs has seen between four and seven stages, meaning that the number of steps and amount of malware delivered during Unfurling Hemlock attacks varies.
Enigma Packer: An obfuscation tool used to pack and hide the actual malware payloads, making malware detection and analysis more difficult for security solutions.