A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates.

The malware delivers a backdoor called Sosano, which establishes persistence on the infected devices and allows the attackers to execute commands remotely.

The activity was discovered by Proofpoint in October 2024, which states that the attacks are linked to a threat actor named ‘UNK_CraftyCamel.’ While the campaign is still small, the researchers report that it is still advanced and dangerous to targeted companies.