Malicious payloads HijackLoader, CoreWarrior, and XWorm have been deployed in separate malware attack campaigns, The Hacker News reports.
Threat actors used authentic code-signing certificates in a HijackLoader malware campaign earlier this month to better conceal the deployment of the Lumma information-stealing malware, according to an analysis from HarfangLab. "This research underscores that malware can be signed, highlighting that code signature alone cannot serve as a baseline indicator of trustworthiness," said HarfangLab researchers.
A separate report from SonicWall Capture Labs noted mounting attacks against Windows systems involving the CoreWarrior trojan, which establishes communications with various IP addresses and ensures backdoor access through multiple sockets.
Netskope Threat Labs also reported that threat actors have exploited a Windows Script File to deliver the XWorm infostealer and loader malware, which not only performs screenshot capture and host file reading and modification but also enables denial-of-service attacks while eradicating stored plugins to ensure stealth.