GZipDe Downloader spotted serving a Metasploit backdoor


June 22, 2018  By Pierluigi Paganini
 

Security experts from AlienVault have spotted a new piece of malware named GZipDe that was used in a cyber-espionage campaign.

 
GZipDe is a downloader that threat actors use to fetch other payloads from a server controlled by the attackers.
 
The malware was detected after a user from Afghanistan uploaded a weaponized Word document to the VirusTotal service; the document refers to the Shanghai Cooperation Organization Summit.
 
At this time, it is not possible to attribute the malicious code to a specific actor. VirusTotal doesn't share information about the source of the upload, and the target of the attack was not disclosed; the researchers were only able to analyze the sample.
 
Full Article.
