Securityworks, a US cybersecurity company, has discovered a new feature in the Smoke Loader malware. It turns out that it can use Wi-Fi triangulation to determine the location of an infected PC. This method is rare among hacking tools but could be used to intimidate the victim.
Smoke Loader is malware that has been known to security experts for years. It is designed to download and install additional malware on the PC which in turn allows attackers to take control over the infected system. Recently, researchers from Secureworks discovered a new feature of this malware, which they dubbed Whiffy Recon. It determines the location of an infected PC every minute by analyzing signals from nearby WiFi access points. To do this, Whiffy Recon uses the Google Maps Geolocation API. Designed for devices without built-in GPS, this service uses nearby Wi-Fi hotspots and cell towers to determine the device’s location.
Why do cyber criminals need to know the victim’s location? Secureworks experts suspect that this information can be used to intimidate: for example, to threaten or put pressure on the user if you know where they are.
As noted by Don Smith, Vice President of Secureworks, this malware feature is rarely exploited by cybercriminals. You cannot make a quick win with this feature alone. However, the reality is that any criminal motive can be implemented with it.
To minimize the risks associated with malware, we recommend the following:
- Always update your operating system and software, as new versions often contain patches for vulnerabilities that can be exploited by programs like Smoke Loader;
- Use reliable antivirus software with up-to-date databases to detect and block known cyber threats;
- Be especially careful when opening attachments in emails or clicking links, especially if you do not recognize the sender.
- Finally, you should only download programs and applications from official and trustworthy sources and avoid dubious websites or unofficial platforms.