216.73.216.89

SmokeLoader Malware Targets Ukraine's Auto & Banking Sectors via Open Directories

· Published 07/02/2025 00:08 · Modified 07/02/2025 08:22

Export JSON

Essential information

Published
07/02/2025 00:08
Modified
07/02/2025 08:22
Tags
2025-02-07 automotive banking financial lures malware distribution open directories phishing smokeloader ukraine
Related entities
27 observables, 12 techniques (mitre), 1 malware, 3 others

Description

An investigation uncovered hosting malware samples and lure documents targeting 's and sectors. Two servers were identified, containing Windows executables and PDF files posing as invoices from Ukrainian companies. The malware injects into explorer.exe, creates a duplicate in the AppData directory, and communicates with command-and-control servers. The campaign leverages financial-themed lures, impersonating known Ukrainian businesses to increase credibility. The exposed servers reveal the threat actor's staging and distribution methods, providing insight into their operational tactics. This activity demonstrates 's continued use in both cybercrime and espionage-driven attacks against Ukrainian organizations.

External references