"Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates"

A new malware campaign delivers "Hijack Loader" artifacts signed with legitimate code-signing certificates. Researchers at HarfangLab detected the activity, noting that the attack chains aim to deploy the "Lumma" infostealer. Hijack Loader was discovered in September 2023, with attack chains that trick users into downloading a booby-trapped binary disguised as pirated software or movies. Recent variants of these campaigns direct users to fake CAPTCHA pages that ask site visitors to prove they are human by copying and running an encoded PowerShell command, which then drops the payload in the form of a ZIP archive. This article continues to discuss findings regarding the new malware campaign.

THN reports "Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates"

Submitted by grigby1
