Cisco’s Talos security team has spotted a new version of Smoke Loader, a malicious app used to load other malware, along with fresh malicious activity involving it.
The malware threat is described in a recent Talos blog:
“Smoke Loader is primarily used as a downloader to drop and execute additional malware like ransomware or cryptocurrency miners. Actors using Smoke Loader botnets have posted on malware forums attempting to sell third-party payload installs. This sample of Smoke Loader did not transfer any additional executables, suggesting that it may not be as popular as it once was, or it’s only being used for private purposes.”
Talos said it has not seen real-world malware activity using this version, other than the recent RIG Exploit Kit-based campaign Talos reported just last week.
The infection vector was a phishing email with an attached malicious Microsoft Word document.