Analysis of TraderTraitor’s GopherGrabber Malware observed by Willo Campaign
✅ Report Title:
Detailed Analysis of TraderTraitor’s GopherGrabber Malware observed by Willo Campaign
The S2W Threat Intelligence Center has published an analysis report on the Willo Campaign, which is linked to the North Korean-backed APT group TraderTraitor. This report provides advanced threat intelligence on the GopherGrabber malware, which has been difficult to identify in previous cases.
✅ Executive Summary:
1) Supply Chain Attack
The malicious packages associated with the Willo Campaign were first distributed through the official NPM repository in June 2024.
- cors-app: A loader that imports the “cors-parser” package.
- cors-parser: A malicious package containing the index.js script responsible for executing the actual malicious activities.
2) Fake Installer
In July 2024, an installer disguised as the setup program for a service called “Versus X” was distributed, with GopherGrabber as the final payload.
The S2W Threat Intelligence Center has identified and tracked GopherGrabber, malware distributed as directly executable source code in the form of a Go …
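For the supply chain item above, a defender can check whether either named package was ever resolved into a project, directly or transitively. The following is an added example, not code from the S2W report: it walks a parsed `package-lock.json` in both the v1 and v2/v3 layouts and matches exact names only. The function names, the sample lockfile, the nesting of `cors-parser` under `cors-app`, and the placeholder versions are assumptions, since the summary gives no versions.

```javascript
// Package names taken from the report's executive summary.
const FLAGGED = new Set(["cors-app", "cors-parser"]);

// Extract the package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Walk a parsed package-lock.json (v1 nested "dependencies" or v2/v3 flat
// "packages") and return one finding per flagged package, direct or transitive.
// Matching is on the exact name, so the unrelated "cors" package is not flagged.
function findFlaggedPackages(lock) {
  const hits = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry
    const name = meta.name || nameFromPath(key);
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version, where: key });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = [...trail, name].join(" > ");
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, where });
      walk(meta.dependencies, [...trail, name]);
    }
  };
  // v2 lockfiles carry both sections; only fall back to v1 when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (v3 layout); versions are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "cors-app": "^1.0.0" } },
    "node_modules/cors-app": { version: "0.0.0-placeholder" },
    "node_modules/cors-app/node_modules/cors-parser": { version: "0.0.0-placeholder" },
    "node_modules/cors": { version: "0.0.0-placeholder" },
  },
};

console.log(findFlaggedPackages(sampleLock));
```

In practice, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findFlaggedPackages` for each repository or build artifact under review.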