New Unfurling Hemlock threat actor floods systems with malware
A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files.
Security researchers describe the infection method as a "Malware cluster bomb" that allows the threat actor to use one malware sample that spreads additional ones on the compromised machine.
The attacks begin with the execution of a file named 'WEXTRACT.EXE', which arrives on target devices either via malicious emails or via malware loaders that Unfurling Hemlock gains access to by contracting their operators.
KrakenLabs has seen between four and seven stages, meaning that the number of steps and amount of malware delivered during Unfurling Hemlock attacks varies.
Enigma Packer: An obfuscation tool used to pack and hide the actual malware payloads, making malware detection and analysis more difficult for security solutions.