Malware that runs as a server and executes received modules in memory lays bare the structure of an advanced multi-layered virtual machine. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021. Analysis of the malware samples have yielded little to no clues about the initial compromise vector used, and no code, functionality, or operational similarities have been uncovered to suggest that this is a tool from a previously identified threat actor. The malware package comes with a diverse arsenal of tactics to hamper reverse engineering.”]
Source: https://thehackernews.com/2022/03/experts-detail-virtual-machine-used-by.html