An updated version of the Hijack Loader malware loader, also known as IDAT Loader, has gained more sophisticated anti-analysis methods so that it can better evade security products while deploying a range of malicious payloads, The Hacker News reports.
Intrusions involving the new Hijack Loader variant decrypt and parse a PNG image to drive the second-stage loading process, which leverages several modules for process hollowing, inline API hook evasion, User Account Control bypass, and adding Windows Defender exclusions, a report from Zscaler ThreatLabz revealed. Hijack Loader also evades user mode hooks through the Heaven's Gate technique, in which a 32-bit process switches into 64-bit code so that security software's 32-bit API hooks are never executed.
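The page does not describe how the loader's PNG container is laid out, so the following is an added triage example rather than the loader's own parsing routine or any code from Zscaler ThreatLabz: it walks a PNG's chunk list and flags the structural anomalies an analyst looks for when a file is suspected of carrying an encrypted second stage (bytes appended after IEND, chunk types outside the PNG specification, CRC mismatches, and IDAT data that is not a valid zlib stream or does not match the IHDR geometry). The sample images, the trailer bytes and the chunk name "pyLd" are constructed for the demo and are not real indicators.

```python
"""Scan a PNG for signs that it carries a non-image payload (added example)."""
import struct
import zlib
from dataclasses import dataclass

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; anything else is a custom chunk.
STANDARD_CHUNKS = {
    "IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT",
    "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME",
}
# Samples per pixel for each IHDR colour type (0 gray, 2 RGB, 3 palette, 4 gray+alpha, 6 RGBA).
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}


@dataclass
class Chunk:
    ctype: str
    offset: int
    length: int
    crc_ok: bool
    body: bytes


def parse_chunks(data: bytes):
    """Walk the chunk list; return (chunks, number of bytes trailing after IEND)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos + 8 <= len(data):
        length, raw_type = struct.unpack(">I4s", data[pos:pos + 8])
        body_start, body_end = pos + 8, pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError(f"truncated chunk at offset {pos}")
        body = data[body_start:body_end]
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        crc_ok = (zlib.crc32(raw_type + body) & 0xFFFFFFFF) == crc
        chunks.append(Chunk(raw_type.decode("latin-1"), pos, length, crc_ok, body))
        pos = body_end + 4
        if raw_type == b"IEND":
            break
    return chunks, len(data) - pos


def scan_png(data: bytes):
    """Return a list of findings; an empty list means the structure looks like a plain image."""
    chunks, trailing = parse_chunks(data)
    findings = []
    if trailing:
        findings.append(f"{trailing} bytes appended after IEND")
    for c in chunks:
        if c.ctype not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {c.ctype!r} ({c.length} bytes) at offset {c.offset}")
        if not c.crc_ok:
            findings.append(f"CRC mismatch on {c.ctype} at offset {c.offset}")
    ihdr = next((c for c in chunks if c.ctype == "IHDR"), None)
    if ihdr is None or len(ihdr.body) != 13:
        findings.append("missing or malformed IHDR")
        return findings
    width, height, depth, colour_type = struct.unpack(">IIBB", ihdr.body[:10])
    idat = b"".join(c.body for c in chunks if c.ctype == "IDAT")
    try:
        raw = zlib.decompress(idat)
    except zlib.error:
        findings.append("IDAT is not a valid zlib stream (encrypted or raw payload?)")
        return findings
    # Each scanline is one filter byte followed by the packed pixel bytes.
    bits_per_pixel = depth * CHANNELS.get(colour_type, 1)
    expected = height * (1 + (width * bits_per_pixel + 7) // 8)
    if len(raw) != expected:
        findings.append(f"decompressed IDAT is {len(raw)} bytes, IHDR geometry implies {expected}")
    return findings


# --- constructed sample images for the demo (not real malware artifacts) ----
def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)


def build_png(idat_body: bytes, extra_chunks=(), trailer=b"") -> bytes:
    """1x1 8-bit RGB PNG; callers can swap the IDAT body, add chunks, or append a trailer."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    out = PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat_body)
    for ctype, body in extra_chunks:
        out += _chunk(ctype, body)
    return out + _chunk(b"IEND", b"") + trailer


ONE_RED_PIXEL = zlib.compress(b"\x00\xff\x00\x00")  # filter byte 0 + RGB
CLEAN_PNG = build_png(ONE_RED_PIXEL)
TRAILER_PNG = build_png(ONE_RED_PIXEL, trailer=b"\x5a\x13" * 64)        # blob after IEND
RAW_IDAT_PNG = build_png(b"\x5a\x13\x77\x01" * 32)                       # IDAT is not zlib
CUSTOM_CHUNK_PNG = build_png(ONE_RED_PIXEL, extra_chunks=[(b"pyLd", b"\x00" * 40)])

if __name__ == "__main__":
    samples = [("clean", CLEAN_PNG), ("trailer", TRAILER_PNG),
               ("raw_idat", RAW_IDAT_PNG), ("custom_chunk", CUSTOM_CHUNK_PNG)]
    for name, img in samples:
        print(name, scan_png(img) or "no findings")
```

None of these checks is a signature on its own: legitimate tools also write private chunks and some image editors leave junk after IEND, so the value is in combining a hit with the delivery context (a loader that reads the PNG from its own resources or from disk and never displays it). The zlib and geometry checks are the most useful, because an encrypted payload stored in IDAT almost never survives as a valid zlib stream of the right length.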
The findings also showed that the Amadey bot malware was the payload most commonly distributed by Hijack Loader, followed by LummaC2 Stealer, Meta Stealer, Raccoon Stealer v2, Remcos RAT, and Rhadamanthys.
The development follows separate reports detailing the deployment of the FakeBat, GuLoader, and DarkGate malware loaders in malvertising and phishing campaigns.