The sophisticated WikiLoader installs a second malware payload and relies on distinctive evasion techniques and a custom code implementation to make detection and analysis difficult.

Since December 2022, security researchers at Proofpoint have found 8 campaigns spreading WikiLoader 2022 via email attachments such as:

- Excel
- OneNote
- PDFs

Two threat actors have been observed actively spreading WikiLoader malware:

- TA544
- TA551

Unlike other cybercriminals, the threat group TA544 still uses macro-enabled documents to deliver WikiLoader.
Source: GBHackers