
E-commerce targeted by GuLoader malware attacks

E-commerce organizations in the U.S., South Korea, Saudi Arabia, Japan, Taiwan, and Germany are being subjected to ongoing GuLoader malware attacks that use Nullsoft Scriptable Install System (NSIS) executables rather than malicious Word documents for malware distribution, according to The Hacker News. Threat actors behind the new GuLoader phishing campaign embedded NSIS files in ZIP or ISO images to facilitate malware infection while evading detection, and the NSIS scripts have evolved in their obfuscation and encryption capabilities during the past year, a report from Trellix revealed. The use of NSIS executables for malware deployment reflects malicious actors' shift to other distribution approaches since Microsoft blocked macros by default in internet-downloaded Office files. "The migration of GuLoader shellcode to NSIS executable files is a notable example to show the creativity and persistence of threat actors to evade detection, prevent sandbox analysis and obstruct reverse engineering," said Trellix researcher Nico Paulo Yturriaga.
