
In recent months, a notorious malware downloader named WikiLoader has emerged as a severe threat to Italian organizations. Developed by the financially-motivated threat actor TA544, WikiLoader employs various evasion techniques to avoid detection. This loader serves as a delivery mechanism for the infamous Ursnif banking Trojan, a favorite of TA544. Multiple campaigns distributing WikiLoader have been observed since December 2022,