Tag: hijackloader

10 Attack Reports | 0 Vulnerabilities

Attack reports

LATAM baited into the delivery of PureHVNC

Between August and October 2025, a phishing campaign targeted Colombian users with emails impersonating the Attorney General's office. The emails contained links to download a malicious file, initiating an infection chain using Hijackloader to deliver PureHVNC Remote Access Trojan (RAT). The campai…
phishing
hijackloader
purehvnc
2025-10-31
Published: October 31, 2025
Downloadable IOCs: 30

Dissecting YouTube's Malware Distribution Network

Check Point Research uncovered a sophisticated malware distribution campaign operating on YouTube, dubbed the YouTube Ghost Network. This network utilizes over 3,000 malicious videos to spread malware, primarily targeting users seeking game cheats and pirated software. The operation involves compro…
rhadamanthys
redline
youtube
compromised accounts
hijackloader
stealc
lumma
2025-10-23
0debug
ghost network
Published: October 23, 2025
Downloadable IOCs: 0

Deconstructing a Cyber Deception: An Analysis of the Clickfix HijackLoader Phishing Campaign

This analysis delves into the HijackLoader malware campaign, which has gained prominence since 2023 for its sophisticated payload delivery and evasion techniques. The campaign initiates with a CAPTCHA-based phishing attack, progressing through multiple stages of obfuscated PowerShell scripts. It em…
obfuscation
phishing
powershell
infostealer
hijackloader
lumma
deerstealer
anti-vm
multi-stage
castleloader
2025-09-12
castlebot
nekostealer
Published: September 12, 2025
Downloadable IOCs: 14

CastleLoader Analysis

CastleLoader, a versatile malware loader, has infected 469 devices since May 2025 using Cloudflare-themed ClickFix phishing and fake GitHub repositories. It delivers information stealers and RATs, with a 28.7% infection rate. The malware employs sophisticated techniques, including PowerShell and Au…
phishing
powershell
malware loader
redline
autoit
hijackloader
c2
rats
stealc
github
netsupport rat
deerstealer
sectoprat
information stealers
2025-08-13
payload delivery
castleloader
u.s. government
Published: August 13, 2025
Downloadable IOCs: 0

Operation Endgame 2.0

International law enforcement agencies have taken additional actions in Operation Endgame, targeting cybercriminal organizations, particularly those behind DanaBot. DanaBot is a powerful modular malware family written in Delphi, capable of keylogging, capturing screenshots, recording desktop videos…
espionage
darkgate
ddos
danabot
malware-as-a-service
smokeloader
hijackloader
operation endgame
keylogger
targeted attacks
lumma
globeimposter
cactus
2025-05-23
Published: May 23, 2025
Downloadable IOCs: 9

The Wagmi Manual: Copy, Paste, and Profit

The Wagmi traffer group, operating since early 2023, specializes in NFT scams and cryptocurrency theft. They utilize sophisticated social engineering tactics, fake web3-themed games, and impersonation of legitimate projects to lure victims. Their operations have allegedly earned over $2.4 million b…
social engineering
lummac2
rhadamanthys
hijackloader
cryptocurrency theft
2025-04-08
nft scams
Published: April 8, 2025
Downloadable IOCs: 96

New HijackLoader Evasion Tactics

HijackLoader, a malware loader discovered in 2023, has evolved with new modules and evasion tactics. Recent updates include call stack spoofing to mask function call origins, virtual machine detection to identify analysis environments, and persistence establishment via scheduled tasks. The loader n…
evasion
persistence
modular
hijackloader
anti-vm
2025-03-31
virtual machine detection
call stack spoofing
Published: March 31, 2025
Downloadable IOCs: 0

HijackLoader evolution: abusing genuine signing certificates

A report by HarfangLab EDR and MITRE ATT&CK on the threat posed by the Lumma Stealer malware, published on 11 October, 2024, outlines the tactics used to deploy the malware.
loader
powershell
lumma stealer
infection chain
dll sideloading
hijackloader
installer
path
samples
lumma
2024-10-15
zip archive
sha256
fake captcha
harfanglab edr
hider
gate
Published: October 15, 2024
Downloadable IOCs: 69

Likely eCrime Actor Capitalizing on Falcon Sensor Issues

A cybercrime group has leveraged a content update issue with the CrowdStrike Falcon sensor to distribute malicious files targeting Latin American customers. The campaign involves a ZIP archive named 'crowdstrike-hotfix.zip' containing a HijackLoader payload that loads RemCos malware, using Spanish …
phishing
remcos
hijackloader
2024-07-29
falcon
latam
Published: July 29, 2024
Downloadable IOCs: 14

New Hijack Loader Variant: Uses Process Hollowing, Has Enhanced Anti-Evasion Capabilities

loader
rhadamanthys
2024-05-23
api hooking
hijackloader
hijack loader
yara
tracker
suricata
loader variant
has enhanced
png image
user account
april
Published: May 23, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports