Cybercriminals Deliver WikiLoader Malware Through Fake VPN Ads: Higher Ed and Transport Sectors Targeted

Cybercriminals are using SEO poisoning to disguise WikiLoader malware as GlobalProtect VPN software. This clever ruse positions their malicious pages at the top of search results, tricking users into downloading malware. The campaign particularly targets the US education and transportation sectors and Italian organizations.

3P
Published: September 3, 2024 6:38 pmAdded: September 3, 2024 at 12:11 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Just when you thought browsing the internet was safe, cybercriminals decided to make “Googling” your way to malware a thing. Thanks, SEO poisoning, for turning our search engines into a minefield!

Key Points:

  • Cybercriminals are posing as sellers of the GlobalProtect VPN software from Palo Alto Networks.
  • The attackers are using SEO poisoning to distribute WikiLoader malware.
  • WikiLoader, also known as WailingCrab, is a downloader malware first identified in 2022.
  • The campaign has largely impacted the US higher education and transportation sectors, and organizations in Italy.
  • SEO poisoning helps malware bypass endpoint controls by spoofing trusted security software.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?