
HijackLoader Malware Attacks Windows Via Weaponized PNG Image


In a recent cybersecurity breakthrough, researchers have unveiled significant updates to the HijackLoader malware, a sophisticated modular loader notorious for delivering a variety of malicious payloads.

The malware has been updated to deploy threats such as Amadey, Lumma Stealer, Raccoon Stealer v2, and Remcos RAT, showcasing an alarming versatility in its operations.

HijackLoader has evolved to incorporate a novel technique that uses a PNG image to decrypt and initiate the loading of subsequent stages.

This method is part of a broader strategy that includes dynamic API resolution, checking processes against a blocklist, and evasion of user-mode hooks, highlighting the malware’s increasing sophistication in avoiding detection.

The updates also introduce new modules designed to enhance the malware’s functionality. These include capabilities for creating processes, bypassing User Account Control (UAC), adding exclusions to Windows Defender, and writing files, thereby expanding the malware’s ability to compromise and control infected systems ...


Copyright of this story solely belongs to gbhackers.