6/ TAG-150 also deploys other malware families, including #SectopRAT, #WarmCookie, #HijackLoader, and #NetSupportRAT, as well as numerous stealers: #Stealc, #RedLine, #Rhadamanthys, #DeerStealer, #MonsterV2, and more.
Pirated games are a new cyber weapon.
Attackers spread HijackLoader malware via trusted piracy sites, bypassing SmartScreen + Adblockers.
Paxion offers proactive defense against evolving threats.
🔒 Stay protected. Don’t take risks.
#CyberSecurity #HijackLoader #PiratedGames
Comprehensive analysis of #HijackLoader
by Ryan Weil
www.trellix.com/blogs/resear...
We identified this malware as #HijackLoader, with the final payload being Arechclient2 RAT. This combination has been previously observed by RedCanary here: x.com/redcanary/st...
A complete analysis of HijackLoader is beyond the scope of this thread, but stay tuned for long-form content 👀
6/8🧵
Hijack Loader Strikes Again: Malware’s New Tricks Leave Cybersecurity Experts in a Tizzy!
Hijack Loader updated! Now with call stack spoofing and anti-VM checks. Evade detection like a pro while delivering malicious payloads. Stay alert! #HijackLoader
thenimblenerd.com?p=1041429
The latest release for ACCE is available with updated support for #HijackLoader #GuLoader #VeilShell #CakeDropper and more. www.ciphertechsolutions.com/acce-release...
That last image from my original post is malware persistent on my infected lab host. C2 traffic for this infection is amenstilo[.]website.
I submitted the persistent files to #AnyRun, and that was also tagged as #Hijackloader
app.any.run/tasks/0dd2a8...
2024-11-25 (Monday): What's that winningwriters[.]com? You want me to paste some script into a run window? Sure thing! Hope my lab host doesn't get infected...
Oh my! It got infected.
I could also replicate the entire thing on Any.Run, which tags it as #hijackloader
app.any.run/tasks/fe0e9b...
HijackLoader Malware Attacks Windows Via Weaponized PNG Image
gbhackers.com/hijackloader...
#Infosec #Security #Cybersecurity #CeptBiro #HijackLoader #MalwareAttack #Windows #PNGImage
🚨 Alert! The new version of #HijackLoader is stealthier than ever with advanced modules designed to outsmart detection tools.
It can now:
✅ Exclude Windows Defender
✅ Bypass UAC
✅ Evade API hooking
✅ Employ process hollowing
thehackernews.com/2024/05/hija... #cybersecurity
Our latest Release notes for ACCE v2.2.20231027 are live. www.ciphertechsolutions.com/acce-release... #LoreCrypter #RecordBreaker #ChargeWeapon #REF5961 #GuLoader #HijackLoader