Security researchers have identified an updated version of the Hijack Loader malware, also known as IDAT Loader, with improved anti-evasion capabilities that make it harder to detect and strengthen its stealth. The malware uses a modular architecture in its second-stage payload and employs techniques such as avoiding API hooking, adding Windows Defender exclusions, bypassing User Account Control (UAC), and using process hollowing to inject malicious code. By decrypting and parsing a PNG image to load its payload, the malware further extends its stealth capabilities.

New version of Hijack Loader malware has enhanced anti-evasion techniques

Findings from March and April 2024 revealed new modules associated with the malware. Detection and analysis are supported by tools such as the ANY.RUN sandbox, which uses YARA rules to identify Hijack Loader and provides detailed behavioral analysis. Common payloads delivered by Hijack Loader include Amadey, Lumma Stealer, Meta Stealer, and the Remcos RAT. The malware's latest IOCs, including IP addresses and file hashes, are continually updated in the Malware Trends Tracker for researchers to monitor.
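Because the loader hides its payload inside a PNG image, a useful triage step is to check whether an image file is structurally more than a picture. The following added example (not code from the article or from any analysis of the loader itself) walks the PNG chunk table, verifies chunk CRCs, reports bytes appended after IEND, and flags IDAT data that is far larger than the pixel data the IHDR header accounts for; the sample PNG and the thresholds are constructed here for demonstration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def walk_png(data):
    """Parse chunks up to IEND; return (chunks, bytes_after_iend).
    Each chunk is (type, body, crc_ok); a truncated chunk stops the walk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if len(data) < pos + 12 + length:
            break  # truncated chunk: stop, the remainder counts as trailing data
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        chunks.append((ctype.decode("latin-1"), body, zlib.crc32(ctype + body) == crc))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks, len(data) - pos

def triage(data):
    """Return findings suggesting the PNG carries something other than pixels."""
    chunks, trailing = walk_png(data)
    findings = [f"{t}: bad CRC" for t, _, ok in chunks if not ok]
    if trailing:
        findings.append(f"{trailing} bytes after IEND")
    ihdr = next((b for t, b, _ in chunks if t == "IHDR"), None)
    if ihdr:
        w, h, depth, ctype = struct.unpack(">IIBB", ihdr[:10])
        channels = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}.get(ctype, 1)
        raw = h * (1 + (w * channels * depth + 7) // 8)  # filter byte + one scanline
        idat = sum(len(b) for t, b, _ in chunks if t == "IDAT")
        if idat > raw + 64:  # assumed threshold: compressed pixels should not dwarf raw pixels
            findings.append(f"IDAT total {idat} bytes vs {raw} raw pixel bytes")
    return findings

def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample_png(pixels=b"\x00\xff\x00\x00", trailer=b""):
    """Constructed 1x1 RGB PNG (not a real-world sample); pixels = filter byte + RGB."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(pixels))
            + _chunk(b"IEND", b"") + trailer)

if __name__ == "__main__":
    print(triage(sample_png(trailer=b"\x13\x37" * 40)))  # ['80 bytes after IEND']
```

A clean file yields an empty list; the checks are heuristics for prioritising samples, not proof that a file is malicious.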
https://cybersecuritynews.com/new-hijack-loader-attack-windows-with-enhanced-anti-evasion-capabilities/