home.social

#hijackloader — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #hijackloader, aggregated by home.social.

  1. User interaction with a ClickFix-style phishing site resulted in execution of an obfuscated PowerShell command

    A ClickFix-style phishing campaign leveraged social engineering to trick users into executing obfuscated PowerShell commands that downloaded and installed a malicious MSI payload from a remote server. The attack employed a sophisticated multi-stage infection chain utilizing DLL sideloading techniques with renamed legitimate binaries to execute malicious components. The final payload deployed HijackLoader to deliver a Lumma-style information stealer designed for credential harvesting and data exfiltration. The campaign utilized multiple command-and-control domains and infrastructure hosted on specific IP addresses. Mitigation measures include blocking identified artifacts, enhancing user awareness about ClickFix social engineering tactics, implementing endpoint detection for suspicious PowerShell activity and unsigned DLL sideloading, and isolating compromised systems for remediation.

    Pulse ID: 69f1de85544538ce8b03332a
    Pulse Link: otx.alienvault.com/pulse/69f1d
    Pulse Author: AlienVault
    Created: 2026-04-29 10:33:41

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CredentialHarvesting #CyberSecurity #Endpoint #HijackLoader #ICS #InfoSec #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #SideLoading #SocialEngineering #bot #AlienVault

  6. #Hijackloader
    "SettlePay - Billing Report.exe" signed by "广州杜倾科技有限公司"
    02cbc77d52e12aea6a6c9db36c07d2eccd1af9d39b88b3802b40cb10d088b30c

    MB: https://bazaar.abuse[.]ch/sample/02cbc77d52e12aea6a6c9db36c07d2eccd1af9d39b88b3802b40cb10d088b30c

  7. Internet shortcut file security mechanism bypass vulnerability exploited for over a year; attackers use it to distribute several kinds of infostealers | iThome

    Link
    📌 Summary:
    Microsoft patched the Internet shortcut file security bypass vulnerability CVE-2024-21412 in this year's February routine update, but hackers have exploited this vulnerability to distribute multiple infostealers, with attacks spanning North America, Spain and Thailand. Security vendor Fortinet found in its analysis that the attackers crafted malicious URL files pointing to specific remote servers, downloaded an LNK file onto the victim's computer, and lured the victim into executing that file to advance the attack. Researchers saw the hackers use two different code injection tools to bypass defenses, ultimately implanting infostealers on the victim's computer.

    🎯 Key Points:
    1. Microsoft patched the Internet shortcut file security bypass vulnerability CVE-2024-21412 in February this year, but hackers exploited it to distribute infostealers.
    2. Security vendor Fortinet found that the attackers crafted malicious URL files pointing to specific remote servers and lured victims into executing them to advance the attack.
    3. Researchers saw the hackers use two code injection tools, ultimately implanting infostealers on victim computers.
    4. Fortinet found that the hackers used the Steam Community website as a Dead Drop Resolver to hide the C2 source.

    🔖 Keywords:
    #CVE-2024-21412
    #Fortinet
    #Water Hydra
    #Lumma Stealer
    #Meduza Stealer
    #ACR Stealer
    #PowerShell
    #HTA script
    #Edge executable icon
    #LNK file
    #forfiles
    #mshta
    #Imghippo
    #GdipBitmapGetPixel
    #HijackLoader
    #Steam Community website
    #Dead Drop Resolver
    #Docker
    #AuthZ
    #OpenAI
    #GPT-4o mini
    #Meta Llama 3

  8. Happy Wednesday everyone!

    Read this report by CrowdStrike this morning that covered a lot of technical details on the new tactics, techniques, and procedures (TTPs) observed by the researchers when analyzing the #HijackLoader. Now, among all the creativity and sophistication that went into making this malware more and more evasive, there is an artifact that sticks out to me, and that is execution of .dll or .exe files out of the C:\Windows\SYSWOW64\ directory. This tells me right away that something suspicious might be happening. Now, if you have 32-bit versions of programs that run in your environment, then this hunt may be a bit harder due to a larger set of false positives, but if there aren't a lot of false positives this could be an easy win! Happy Hunting!

    HijackLoader Expands Techniques to Improve Defense Evasion
    crowdstrike.com/blog/hijackloa

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday
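    The two hunts described in this feed, the SysWOW64-execution artifact from the post above and the "obfuscated PowerShell downloads and installs an MSI" chain from the AlienVault pulse at the top of the page, can both be expressed as rules over process-creation telemetry. The block below is an added example, not code from any of the posts, CrowdStrike or AlienVault. It runs over a handful of constructed process-creation events (field names modelled loosely on Sysmon Event ID 1), and the `KNOWN_32BIT_PARENTS` allowlist is a hypothetical tuning knob that implements the false-positive caveat from the post: children of a known 32-bit application are expected to run from SysWOW64, so they are suppressed. The encoded command in the sample data is a harmless `Write-Host`, built at runtime so the indicator regex has something realistic to match.

```python
import base64
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (constructed; shape loosely follows Sysmon Event ID 1)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


SYSWOW64 = PureWindowsPath(r"C:\Windows\SysWOW64")

# Hypothetical tuning knob: parent images known to be 32-bit applications in this
# (constructed) environment. Their children legitimately execute from SysWOW64,
# which is exactly the false-positive source the hunt note warns about.
KNOWN_32BIT_PARENTS = {"legacy.exe"}

# Each matching indicator is one point; two or more points marks the launch as
# the hidden/obfuscated style seen in ClickFix-type lures.
PS_INDICATORS = {
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand|c)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "exec_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "download_cradle": re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|invoke-expression", re.I),
}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def powershell_indicators(cmdline: str) -> list[str]:
    """Names of the indicators present in a PowerShell command line, in table order."""
    return [name for name, rx in PS_INDICATORS.items() if rx.search(cmdline)]


def is_obfuscated_powershell(cmdline: str) -> bool:
    """Two or more indicators: enough to separate lure-style launches from admin scripts."""
    return len(powershell_indicators(cmdline)) >= 2


def hunt(events: list[ProcEvent]) -> list[tuple[str, int]]:
    """Return (rule_name, pid) findings over a batch of process-creation events."""
    by_pid = {e.pid: e for e in events}
    findings: list[tuple[str, int]] = []
    for e in events:
        image = PureWindowsPath(e.image)
        name = image.name.lower()
        parent = by_pid.get(e.ppid)
        parent_name = PureWindowsPath(parent.image).name.lower() if parent else ""

        # Rule A: anything executing out of SysWOW64 whose parent is not a known 32-bit app.
        # PureWindowsPath compares case-insensitively, so SYSWOW64 and SysWOW64 both match.
        if image.parent == SYSWOW64 and parent_name not in KNOWN_32BIT_PARENTS:
            findings.append(("syswow64_execution", e.pid))

        # Rule B: PowerShell launched with hiding/obfuscation switches.
        if name in POWERSHELL_IMAGES and is_obfuscated_powershell(e.cmdline):
            findings.append(("obfuscated_powershell", e.pid))

        # Rule C: msiexec spawned by such a PowerShell, i.e. the download-and-install-MSI chain.
        if (name == "msiexec.exe" and parent is not None
                and parent_name in POWERSHELL_IMAGES
                and is_obfuscated_powershell(parent.cmdline)):
            findings.append(("powershell_to_msi_install", e.pid))
    return findings


# Constructed sample telemetry. The encoded payload is a harmless Write-Host.
ENCODED = base64.b64encode("Write-Host 'hi'".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              f"powershell.exe -w hidden -nop -ep bypass -enc {ENCODED}"),
    ProcEvent(300, 200, r"C:\Windows\System32\msiexec.exe",
              r"msiexec.exe /i C:\Users\user\AppData\Local\Temp\report.msi /qn"),
    ProcEvent(400, 100, r"C:\Windows\SysWOW64\cmd.exe", "cmd.exe /c whoami"),
    ProcEvent(600, 100, r"C:\Program Files (x86)\LegacyApp\legacy.exe", "legacy.exe"),
    # Child of the allowlisted 32-bit app: expected SysWOW64 execution, suppressed.
    ProcEvent(500, 600, r"C:\Windows\SysWOW64\cmd.exe", "cmd.exe /c set"),
    # Ordinary admin script: one indicator only, so not flagged.
    ProcEvent(700, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoProfile -File C:\scripts\inventory.ps1"),
]

if __name__ == "__main__":
    for rule, pid in hunt(SAMPLE_EVENTS):
        print(f"{rule:28s} pid={pid}")
```

    Rule A is the hunt from the post, with the allowlist doing the work of keeping 32-bit line-of-business software out of the results; rules B and C cover the PowerShell-to-MSI chain the pulse describes. Scoring indicators rather than matching any single switch keeps scheduled `-NoProfile` scripts from drowning the real hits.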
