Wapomi is a polymorphic file-infecting worm that spreads through removable drives, network shares, and infected executables. It downloads additional payloads, including information stealers and adware, and modifies system files to maintain persistence. Wapomi is commonly seen in large outbreaks across organizations with weak USB controls and unpatched systems.
This family has been observed using the following ATT&CK techniques: T1091 T1547.001
Wapomi is a polymorphic file-infecting worm that spreads through removable drives, network shares, and infected executables. It downloads additional payloads, including information stealers and adware, and modifies system files to maintain persistence. Wapomi is commonly seen in large outbreaks across organizations with weak USB controls and unpatched systems.
Wapomi (Viking) is a file-infecting worm spreading through network shares, removable media, and infected executables.
Modified executables across the system, network share scanning traffic, and AV detections for Wapomi, Pioneer, or Viking are diagnostic.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/wapomi.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.