More threat actors have been leveraging the new modular HijackLoader malware loader in their attacks despite its lack of advanced functionality, The Hacker News reports.
Aside from enabling the use of various code injection and execution modules not possible in most malware loaders, HijackLoader, which was initially identified in July, also utilizes numerous techniques to evade detection, including syscalls and deferred code execution at various attack stages, a Zscaler ThreatLabz report revealed. Moreover, HijackLoader achieves persistence through a Windows Startup folder-based shortcut file that redirects to a Background Intelligent Transfer Service.
A separate report from Flashpoint showed the emergence of an updated RisePro information-stealing malware variant that has been touted to combine the prowess of the Vidar and RedLine infostealers.
"And this time, the seller also promises a new advantage for users of RisePro: customers host their own panels to ensure logs are not stolen by the sellers," said Flashpoint.
