HijackLoader is a new tool circulating in the threat landscape

September 27, 2023
HijackLoader Cyber Threat Landscape Malware

A new malicious software loader, HijackLoader, has recently appeared in the threat landscape and is becoming one of the most useful tools for threat actors. The loader has become a staple component of their attacks because it can deliver various malware families, such as RedLine Stealer, DanaBot, and SystemBC.

The newly discovered tool reportedly has a modular architecture that gives its operators multiple capabilities, such as code injection and execution. These capabilities could make the loader a severe threat to numerous organisations.

Unfortunately, investigations have not yet identified the loader's initial infection method. However, the new loader sets itself apart from other malicious software tools through the evasion tactics it includes.

HijackLoader could bypass even the most sophisticated detection tools.

Based on reports, HijackLoader uses syscalls to avoid detection and monitors for processes associated with the security software it targets. It does so by relying on an embedded blocklist to identify those processes.

The loader also employs a strategy to ensure its persistence on a targeted host: it creates a shortcut (LNK) file in the Windows Startup folder that points to a Background Intelligent Transfer Service (BITS) job.

This tactic allows the malware to persist across system reboots.
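The persistence mechanism described above (a Startup-folder LNK that references a BITS job) can be hunted for with a short script. The following PowerShell is an added defender-side example, not code from the original report or from HijackLoader; the regular expression used to decide which shortcut targets look BITS-related is a heuristic assumption, and listing all users' BITS jobs requires an elevated session.

```powershell
# Added detection example (not HijackLoader code): enumerate .lnk files in the
# per-user and all-users Startup folders, resolve each shortcut's target and
# arguments, and flag entries whose command line references BITS. Then list the
# BITS jobs present on the host so the two views can be cross-checked.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Heuristic (assumption): a shortcut that launches bitsadmin.exe or the
# BitsTransfer cmdlets from Startup is unusual and worth an analyst's attention.
$bitsPattern = 'bitsadmin|BitsTransfer|/resume|/transfer'

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter '*.lnk' -File | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $cmdLine = "$($lnk.TargetPath) $($lnk.Arguments)"
        [PSCustomObject]@{
            Shortcut    = $_.FullName
            Target      = $lnk.TargetPath
            Arguments   = $lnk.Arguments
            BitsRelated = [bool]($cmdLine -match $bitsPattern)
        }
    }
}

Write-Host "Startup shortcuts referencing BITS:"
$findings | Where-Object BitsRelated | Format-Table -AutoSize

# Persistent BITS jobs survive reboots; review owner, state and remote URLs.
# -AllUsers needs administrator rights.
Write-Host "BITS jobs on this host:"
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers |
    Select-Object DisplayName, JobState, TransferType, OwnerAccount,
        @{ Name = 'RemoteFiles'; Expression = { ($_.FileList | ForEach-Object RemoteName) -join ';' } } |
    Format-Table -AutoSize
```

A job whose owner is a low-privilege user, whose remote URL is unfamiliar, and which is referenced from a Startup shortcut is the combination this script is meant to surface for triage.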

The sudden rise of HijackLoader usage among threat actors causes widespread concern in the cybersecurity landscape. Hence, different organisations in various industries should expect a surge of cybercriminal activities involving loader software.

Other researchers also believe that HijackLoader could replace the now-defunct QakBot infrastructure in terms of the services it provides to threat actors. Therefore, organisations should remain vigilant as threat actors continue to adapt and make their attacks more sophisticated.

The emergence of HijackLoader is a reminder that threat actors will constantly find new ways to execute their campaigns. Organisations should keep their defences proactive and deploy capable anti-malware solutions to avoid falling victim to these operations.

Staying informed about the TTPs employed by HijackLoader is crucial for every organisation, so that it can implement the corresponding defence mechanisms to counter the loader's activities.
