A new piece of malware called UULoader is being used by cybercriminals to distribute dangerous tools such as Gh0st RAT and Mimikatz, particularly targeting Korean and Chinese speakers. Discovered by the Cyberint Research Team, UULoader is distributed via malicious installers disguised as legitimate applications. The malware's core files are hidden within a Microsoft Cabinet (.cab) file; a legitimate binary is then used to sideload a DLL that ultimately deploys the malicious payload.
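As an added defensive example (not code from the Cyberint write-up), the following Python reads the file table of a Microsoft Cabinet image without extracting anything and flags directories that pair an .exe with .dll files, the co-located layout that DLL sideloading relies on. The structure layouts follow the public CAB specification; the sample file names are constructed and do not come from any real dropper.

```python
import struct

# CFHEADER and CFFILE layouts from the Microsoft Cabinet format specification.
CFHEADER_FMT = "<4sIIIIIBBHHHHH"  # MSCF, res1, cbCabinet, res2, coffFiles, res3, vMinor, vMajor, cFolders, cFiles, flags, setID, iCabinet
CFHEADER_SIZE = struct.calcsize(CFHEADER_FMT)  # 36 bytes
CFFILE_FMT = "<IIHHHH"  # cbFile, uoffFolderStart, iFolder, date, time, attribs; NUL-terminated szName follows
CFFILE_SIZE = struct.calcsize(CFFILE_FMT)  # 16 bytes

def cab_file_names(data: bytes) -> list[str]:
    """Return the file names listed in the CFFILE table of a .cab image (no extraction needed)."""
    if len(data) < CFHEADER_SIZE or data[:4] != b"MSCF":
        raise ValueError("not a Microsoft Cabinet file")
    fields = struct.unpack_from(CFHEADER_FMT, data, 0)
    pos, n_files = fields[4], fields[9]  # coffFiles is absolute, so optional reserve areas are skipped for free
    names = []
    for _ in range(n_files):
        if pos + CFFILE_SIZE > len(data):
            raise ValueError("truncated CFFILE table")
        pos += CFFILE_SIZE
        end = data.index(b"\x00", pos)  # szName is NUL-terminated
        names.append(data[pos:end].decode("utf-8", errors="replace"))
        pos = end + 1
    return names

def sideload_candidates(names: list[str]) -> list[tuple[str, list[str], list[str]]]:
    """Report every directory that holds both .exe and .dll entries: a triage hint for sideloading, not proof of malice."""
    by_dir = {}
    for n in names:
        d, _, base = n.replace("/", "\\").rpartition("\\")
        by_dir.setdefault(d, []).append(base)
    hits = []
    for d, bases in by_dir.items():
        exes = sorted(b for b in bases if b.lower().endswith(".exe"))
        dlls = sorted(b for b in bases if b.lower().endswith(".dll"))
        if exes and dlls:
            hits.append((d, exes, dlls))
    return hits

def build_cab_image(names: list[str]) -> bytes:
    """Constructed test input: a minimal CAB image with a valid header and CFFILE table but no CFDATA blocks."""
    folder = struct.pack("<IHH", 0, 0, 0)  # one CFFOLDER: coffCabStart, cCFData, typeCompress=NONE
    coff_files = CFHEADER_SIZE + len(folder)
    files = b"".join(struct.pack(CFFILE_FMT, 0, 0, 0, 0, 0, 0) + n.encode() + b"\x00" for n in names)
    return struct.pack(CFHEADER_FMT, b"MSCF", 0, coff_files + len(files), 0, coff_files, 0, 3, 1, 1, len(names), 0, 0, 0) + folder + files

if __name__ == "__main__":
    sample = build_cab_image(["update.exe", "plugin.dll", "readme.txt", "bin\\helper.exe", "bin\\cfg.dll"])  # constructed names
    for d, exes, dlls in sideload_candidates(cab_file_names(sample)):
        print(f"{d or '.'}: exe={exes} dll={dlls}")
```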
UULoader often masquerades as software updates, such as Google Chrome updates, to deceive users. This tactic is part of a broader trend in which threat actors create cryptocurrency-themed lure sites for phishing, targeting users of popular crypto wallets like Coinbase and MetaMask. These sites redirect users to malicious URLs while evading detection by security researchers.
Additionally, phishing campaigns have been abusing platforms like Microsoft’s Dynamics 365 Marketing to create subdomains and send emails that bypass filters, posing as legitimate government entities. The rise of generative AI has also led to the proliferation of scam domains mimicking popular AI tools like ChatGPT.
Overall, UULoader represents a sophisticated threat leveraging social engineering and advanced obfuscation techniques to distribute malware across East Asia.