New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East

May 23, 2023

An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020.

Fortinet FortiGuard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat actor.

“WinTapix.sys is essentially a loader,” security researchers Geri Revay and Hossein Jazi said in a report published on Monday. “Thus, its primary purpose is to produce and execute the next stage of the attack. This is done using a shellcode.”
