Summary: A novel polyglot malware, known as Sosano, is targeting aviation, satellite communication, and transportation sectors in the UAE, enabling attackers to execute commands remotely on infected devices. Discovered by Proofpoint in October 2024, the attacks are linked to a threat actor named ‘UNK_CraftyCamel’ and exhibit a cyber-espionage focus. Utilizing sophisticated evasion techniques, the malware is delivered via spear-phishing emails, exploiting multiple file formats to bypass security measures.
Affected: Organizations in aviation, satellite communication, and critical transportation in the United Arab Emirates
Key points:
- Polyglot malware allows malicious payloads to be hidden within legitimate file formats, evading detection by security software.
- The attack sequence begins with a spear-phishing email leading to a spoofed domain, prompting users to download a ZIP file containing the malware.
- Defensive measures against such threats include email scanning, user education, and blocking risky file types at the email gateway.
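As an added example (not code from Proofpoint's report, and the page does not say which formats Sosano's polyglots combined), the following detector flags a file that satisfies more than one format parser at once, which is the property a polyglot relies on; the sample input is a constructed PDF with a ZIP archive appended, and the format checks used are assumptions chosen to illustrate the technique.

```python
"""Flag files that parse as more than one format (polyglot detection)."""
import io
import zipfile

# Per the PDF spec the "%PDF-" header may sit anywhere in the first 1024 bytes.
def looks_like_pdf(data: bytes) -> bool:
    return data.find(b"%PDF-", 0, 1024) != -1

def looks_like_zip(data: bytes) -> bool:
    # Confirm by parsing the central directory rather than scanning for "PK"
    # bytes, which also occur inside ordinary compressed streams. zipfile
    # tolerates data prepended to the archive, exactly the case a polyglot uses.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return len(zf.namelist()) > 0
    except zipfile.BadZipFile:
        return False

def looks_like_pe(data: bytes) -> bool:
    return data[:2] == b"MZ"

def looks_like_ole(data: bytes) -> bool:
    # Legacy Office (.doc/.xls) compound-file header
    return data[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

CHECKS = {"pdf": looks_like_pdf, "zip": looks_like_zip,
          "pe": looks_like_pe, "ole": looks_like_ole}

def detect_formats(data: bytes) -> set:
    """Return the set of formats whose parser accepts these bytes."""
    return {name for name, check in CHECKS.items() if check(data)}

def is_polyglot(data: bytes) -> bool:
    """True when the same bytes are accepted by more than one format parser."""
    return len(detect_formats(data)) > 1

def build_sample_polyglot() -> bytes:
    """Constructed test input: a minimal PDF with a ZIP archive appended."""
    pdf = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample, contains no code")
    return pdf + buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_polyglot()
    print(sorted(detect_formats(sample)), is_polyglot(sample))
```

A gateway rule built on this idea would quarantine any attachment whose detected formats disagree with each other or with the declared extension, rather than trusting a single magic number.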