
Novel JinxLoader malware loader emerges

Phishing attacks using the novel JinxLoader malware loader have been launched to deploy the Formbook and XLoader payloads, reports The Hacker News. JinxLoader, named after the "League of Legends" character Jinx, has been delivered in password-protected RAR archive attachments within emails spoofing the Abu Dhabi National Oil Company, according to a report from Symantec. "JinxLoader's primary function is straightforward loading malware," Symantec noted.

The development follows the recent spike in activity of the Rugmi malware loader, which has been used to distribute a variety of information-stealing malware, as well as mounting campaigns for the PikaBot and DarkGate payloads. Symantec researchers also recently reported the emergence of the novel Vortex Stealer, which is capable of exfiltrating a variety of data. "Stolen information will be archived and uploaded to Gofile or Anonfiles; the malware will also post it onto the author's Discord using webhooks. It's also capable of posting to Telegram via a Telegram bot," said Symantec.
