Recently, cybersecurity experts have noticed a new version of the HijackLoader malware, which now includes improved anti-analysis techniques. These allow the malware to remain undetected in compromised networks for longer periods of time.
In their technical report, researchers from Zscaler said that the new functions are aimed at making the malware stealthier. HijackLoader, also known as IDAT Loader, can now add exclusions to Windows Defender Antivirus, bypass User Account Control (UAC), evade the API hooking that antivirus programs often use for detection, and use the process hollowing technique.
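Of the behaviours listed above, adding Windows Defender exclusions leaves a trace defenders can hunt for: Defender logs configuration changes as event ID 5007, with the changed registry value in the message. The following added example (not taken from the report) filters such events for newly added exclusions; the sample events are constructed, and treating user-writable paths as higher priority is an assumption of this example.

```python
import re

# Event ID 5007 (Defender Operational log) records configuration changes.
CONFIG_CHANGED = 5007
EXCLUSION_RE = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(?P<kind>Paths|Extensions|Processes)\\(?P<target>.+?)\s*=\s*0x0",
    re.IGNORECASE)
# Assumption of this example: triage user-writable locations first.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def find_exclusion_changes(events):
    """Return one finding per exclusion that was added (not removed)."""
    findings = []
    for ev in events:
        if ev["id"] != CONFIG_CHANGED:
            continue
        m = EXCLUSION_RE.search(ev["message"])
        if m is None:
            continue  # a different setting changed, or an exclusion was removed
        target = m.group("target")
        findings.append({
            "host": ev["host"], "time": ev["time"],
            "kind": m.group("kind"), "target": target,
            "user_writable": any(p in target.lower() for p in USER_WRITABLE),
        })
    return findings

# Constructed sample events (not taken from any real incident).
_HDR = "Microsoft Defender Antivirus Configuration has changed.\n\tOld value: "
_KEY = r"HKLM\SOFTWARE\Microsoft\Windows Defender"
SAMPLE_EVENTS = [
    {"host": "WS-017", "time": "2024-05-06T10:14:02Z", "id": 5007,
     "message": _HDR + "\n\tNew value: " + _KEY
                + r"\Exclusions\Paths\C:\Users\alice\AppData\Roaming\example_dir = 0x0"},
    {"host": "WS-017", "time": "2024-05-06T10:20:40Z", "id": 5007,
     "message": _HDR + "\n\tNew value: " + _KEY + r"\SpyNet\SpyNetReporting = 0x2"},
    {"host": "SRV-02", "time": "2024-05-06T11:02:11Z", "id": 5007,
     "message": _HDR + "\n\tNew value: " + _KEY
                + r"\Exclusions\Paths\D:\Backups\staging = 0x0"},
    {"host": "SRV-02", "time": "2024-05-06T11:30:00Z", "id": 5007,
     "message": _HDR + _KEY + r"\Exclusions\Extensions\tmp = 0x0" + "\n\tNew value: "},
    {"host": "WS-017", "time": "2024-05-06T12:00:00Z", "id": 1001,
     "message": "Microsoft Defender Antivirus scan has finished."},
]

if __name__ == "__main__":
    print(*find_exclusion_changes(SAMPLE_EVENTS), sep="\n")
```

Only the two added path exclusions are reported; the unrelated setting change, the removed extension exclusion and the scan event are ignored.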
First observed in September 2023, HijackLoader has already been used to distribute various malware families, including Amadey, Lumma Stealer, Meta Stealer, Raccoon Stealer V2, Remcos RAT and Rhadamanthys.
Of particular interest is the latest version of the loader, which decodes and parses a PNG image to load the next stage of the malware. This technique was first described by Morphisec, a company with clients in various industries, including finance, healthcare, manufacturing and government agencies.
Morphisec has partnerships with other cybersecurity companies such as Microsoft and McAfee. The company has repeatedly received various awards for its innovative products and solutions.