Security Researchers Ring Alarm Bells Over New Payload That Can Determine Infected PC Locations

Security experts are raising the alarm against a malware strain that may have been amongst us for years but it’s now functioning in a manner that can determine the exact location of infected computers.

Dubbed Smoke Loader, this is getting increased hype and sales across various cybercriminal forums, and for years, it’s been a popular venture for Russian hackers too. In most cases, you’ll see it loading malware and that gives hackers the liberty to hijack Windows PCs.

During the start of this month, many security researchers saw the malware rolling out payloads called Whiffy Recon. And each minute, we see that infecting systems through easily accessible WiFi locations to attain an API from Google’s Geolocation. After being returned to an adversary, it’s able to carry out its actions.

Such a feature that comes under the triangulation heading is not commonly noticed in the world of hacking. But seeing it determining locations of infected PCs is definitely eyebrow-raising behavior. With the help of Google Maps API, we’re seeing it have its coordinates returned through public data attained from different internet locations available to the public.

Now experts are trying to determine what exactly is the real purpose of this Whiffy Recon. Whatever the reason may be, it’s baffling to see such locations being at the hands of attackers who can target anyone at any given point in time and even generate demands that put victims under pressure.

On most occasions, hackers and criminals don’t make use of this kind of technology to carry out their capabilities. After all, it does not have the power to monetize at a swift pace. But one thing is for sure. The thing that’s bothersome is how the technology can be used to offer support to any kind of dubious activity or intentions.

Researchers went on to mention how this Smoke Loader ends up targeting users in regions such as Germany, the US, France, and even the UK. Moreover, it has the tendency to come through via phishing schemes as well.

To better detect this ordeal, experts are also speaking about how infected payloads continue to remain on computers by producing shortcuts via Startup Folders.

This is usually removed to stop malware from carrying out its activity on the PC’s startup. But users need to be aware of how there’s no right way to track or remove data that’s sent out.


Read next: A Deep Dive Into The Unseen Networks, Undersea Cables and Surveillance
Previous Post Next Post