Monday, December 6, 2021

Wslink: Unique and undocumented malicious loader that runs as a server

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor

ESET researchers have discovered a unique and previously undescribed loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. We have named this new malware Wslink after one of its DLLs.

We have seen only a few hits in our telemetry in the past two years, with detections in Central Europe, North America, and the Midd…

Read More

Latest news
Related news