#hijackloader — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hijackloader, aggregated by home.social.
-
User interaction with a ClickFix-style phishing site resulted in execution of an obfuscated PowerShell command
A ClickFix-style phishing campaign leveraged social engineering to trick users into executing obfuscated PowerShell commands that downloaded and installed a malicious MSI payload from a remote server. The attack employed a sophisticated multi-stage infection chain utilizing DLL sideloading techniques with renamed legitimate binaries to execute malicious components. The final payload deployed HijackLoader to deliver a Lumma-style information stealer designed for credential harvesting and data exfiltration. The campaign utilized multiple command-and-control domains and infrastructure hosted on specific IP addresses. Mitigation measures include blocking identified artifacts, enhancing user awareness about ClickFix social engineering tactics, implementing endpoint detection for suspicious PowerShell activity and unsigned DLL sideloading, and isolating compromised systems for remediation.
Pulse ID: 69f1de85544538ce8b03332a
Pulse Link: https://otx.alienvault.com/pulse/69f1de85544538ce8b03332a
Pulse Author: AlienVault
Created: 2026-04-29 10:33:41
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CredentialHarvesting #CyberSecurity #Endpoint #HijackLoader #ICS #InfoSec #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #SideLoading #SocialEngineering #bot #AlienVault
-
#Hijackloader
"SettlePay - Billing Report.exe" signed by "广州杜倾科技有限公司"
02cbc77d52e12aea6a6c9db36c07d2eccd1af9d39b88b3802b40cb10d088b30c
MB: https://bazaar.abuse[.]ch/sample/02cbc77d52e12aea6a6c9db36c07d2eccd1af9d39b88b3802b40cb10d088b30c
-
Operation Endgame 2: 15 million e-mail addresses and 43 million passwords | Security https://www.heise.de/news/Operation-Endgame-2-15-Millionen-E-Mail-Adressen-und-43-Millionen-Passwoerter-10396199.html #HaveIBeenPwned #Malware #Ransomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus #OperationEndgame2
-
Operation Endgame 2.0: 20 arrest warrants, hundreds of servers taken out of action | Security https://www.heise.de/news/Operation-Endgame-2-0-20-Haftbefehle-Hunderte-Server-ausser-Gefecht-gesetzt-10394215.html #OperationEndgame #OperationEndgame2 #Malware #Ranswomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus
-
Analyzing New HijackLoader Evasion Tactics
#HijackLoader
https://www.zscaler.com/blogs/security-research/analyzing-new-hijackloader-evasion-tactics
-
BlindEagle APT Group Presents Persistent Threat to Latin American Entities https://thecyberexpress.com/blindeagle-apt-group-latin-america/ #TheCyberExpressNews #CybersecurityNews #TheCyberExpress #FirewallDaily #HijackLoader #LatinAmerica #BlindEagle #Colombia #Ecuador #APTC36 #Chile
-
Internet shortcut file security mechanism bypass vulnerability exploited for over a year; attackers use it to distribute several infostealers | iThome
Link
📌 Summary:
Microsoft patched the Internet Shortcut file security bypass vulnerability CVE-2024-21412 in its regular February update this year, but attackers have been exploiting it to distribute multiple infostealers, with targets spanning North America, Spain and Thailand. Security vendor Fortinet found in its analysis that the attackers crafted malicious URL files pointing to a specific remote server, downloaded an LNK file onto the victim's computer, and lured the victim into running that file to advance the attack. Researchers observed the attackers using two different code-injection tools to bypass defenses, ultimately implanting infostealers on the victim's computer.
🎯 Key Points:
1. Microsoft patched the Internet Shortcut file security bypass vulnerability CVE-2024-21412 in February this year, but attackers have exploited it to distribute infostealers.
2. Security vendor Fortinet found that the attackers crafted malicious URL files pointing to a specific remote server and lured victims into running them to advance the attack.
3. Researchers observed the attackers using two code-injection tools, ultimately implanting infostealers on the victim's computer.
4. Fortinet found that the attackers used the Steam community site as a dead drop resolver to hide the C2 source.
🔖 Keywords:
#CVE-2024-21412
#Fortinet
#Water Hydra
#Lumma Stealer
#Meduza Stealer
#ACR Stealer
#PowerShell
#HTA script
#Edge executable icon
#LNK file
#forfiles
#mshta
#Imghippo
#GdipBitmapGetPixel
#HijackLoader
#Steam community site
#Dead Drop Resolver
#Docker
#AuthZ
#OpenAI
#GPT-4o mini
#Meta Llama 3
-
Happy Wednesday everyone!
Read this report by CrowdStrike this morning that covered a lot of technical details on the new tactics, techniques, and procedures (TTPs) observed by the researchers when analyzing the #HijackLoader. Now, among all the creativity or sophistication that went into making this malware more and more evasive, there is an artifact that sticks out to me, and that is execution of .dlls or .exes out of the C:\Windows\SYSWOW64\ directory. This tells me right away that something suspicious might be happening. Now, if you have 32-bit versions of programs that run in your environment, then this hunt may be a bit harder due to a larger set of false positives, but if there aren't a lot of false positives this could be an easy win! Happy Hunting!
HijackLoader Expands Techniques to Improve Defense Evasion
https://www.crowdstrike.com/blog/hijackloader-expands-techniques/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday
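One way to run the SysWOW64 hunt described in the post above over process telemetry, as an added example that is not part of the post or of the CrowdStrike report: it flags process creations and DLL loads out of C:\Windows\SysWOW64, normalizes the path first so `..` and case tricks do not slip past the prefix check, and prunes the false positives the post warns about with a per-environment allowlist. The Sysmon-style record layout, the field names, the allowlist entries and the sample events are all constructed assumptions, not real telemetry.

```python
"""Hunt for executables and DLLs run out of C:\\Windows\\SysWOW64.

Added example; event layout, field names, allowlist and sample events are
constructed for illustration and are not data from the post or the report.
"""
import ntpath
from dataclasses import dataclass

SYSWOW64 = r"c:\windows\syswow64"

# Constructed allowlist of (image basename, parent basename) pairs that an
# environment has confirmed as legitimate 32-bit activity. Basename matching is
# deliberately coarse; in production prefer signer or hash based allowlisting.
ALLOWLIST = {
    ("msiexec.exe", "services.exe"),
}

# Constructed Sysmon-like records: EventID 1 = process create, 7 = image load.
SAMPLE_EVENTS = [
    r"EventID: 1|Image: C:\Windows\SysWOW64\cmd.exe|ParentImage: C:\Users\alice\AppData\Local\Temp\setup.exe|CommandLine: cmd.exe /c whoami",
    r"EventID: 1|Image: C:\Windows\SysWOW64\msiexec.exe|ParentImage: C:\Windows\System32\services.exe|CommandLine: msiexec.exe /V",
    r"EventID: 1|Image: C:\Windows\System32\notepad.exe|ParentImage: C:\Windows\explorer.exe|CommandLine: notepad.exe",
    r"EventID: 1|Image: C:\WINDOWS\syswow64\..\SysWOW64\regsvr32.exe|ParentImage: C:\Windows\explorer.exe|CommandLine: regsvr32.exe /s x.dll",
    r"EventID: 7|Image: C:\Users\bob\Downloads\invoice.exe|ImageLoaded: C:\Windows\SysWOW64\ntdll.dll",
    r"EventID: 7|Image: C:\Program Files (x86)\Vendor\app.exe|ImageLoaded: C:\Windows\SysWOW64\kernel32.dll",
    r"EventID: 3|Image: C:\Windows\System32\svchost.exe|DestinationIp: 10.0.0.5",
]


@dataclass(frozen=True)
class Hit:
    event_id: int
    image: str
    related: str   # parent image for EventID 1, loaded DLL for EventID 7
    reason: str


def parse_event(line: str) -> dict:
    """Parse a 'Key: Value|Key: Value' record into a dict (constructed layout)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def normalize(path: str) -> str:
    """Collapse '..' segments and case so prefix checks are robust."""
    return ntpath.normpath(path).lower()


def under_syswow64(path: str) -> bool:
    return normalize(path).startswith(SYSWOW64 + "\\")


def hunt(lines) -> list:
    """Return Hit records for SysWOW64 activity not covered by the allowlist."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        try:
            event_id = int(ev.get("EventID", "0"))
        except ValueError:
            continue
        image = ev.get("Image", "")
        if event_id == 1 and under_syswow64(image):
            parent = ev.get("ParentImage", "")
            key = (ntpath.basename(normalize(image)), ntpath.basename(normalize(parent)))
            if key in ALLOWLIST:
                continue   # confirmed legitimate 32-bit activity
            hits.append(Hit(1, image, parent, "process created from SysWOW64"))
        elif event_id == 7:
            loaded = ev.get("ImageLoaded", "")
            # A 32-bit process living outside SysWOW64 and Program Files (x86)
            # pulling the WOW64 system DLLs is the noisier secondary signal.
            if (under_syswow64(loaded) and not under_syswow64(image)
                    and "program files (x86)" not in normalize(image)):
                hits.append(Hit(7, image, loaded, "SysWOW64 DLL loaded by process outside SysWOW64"))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"[{hit.event_id}] {hit.reason}: {hit.image} <- {hit.related}")
```

The allowlist is keyed on basenames only so the example stays short; since renamed binaries are exactly what this family relies on, a real deployment should key on signer or file hash and keep the basename as a secondary filter.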
-
Currently, the exact initial access vector used by HijackLoader to infiltrate targets is unknown.
#Cybersecurity #HijackLoader #Cybercrime #Malware #Cyberthreat
-
HijackLoader Evolves: Researchers Decode the Latest Evasion Methods – Source:thehackernews.com https://ciso2ciso.com/hijackloader-evolves-researchers-decode-the-latest-evasion-methods-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #HijackLoader #Evolves