Cybersecurity researchers revealed a new BackConnect (BC) malware developed by threat actors linked to the QakBot loader. Walmart’s Cyber Intelligence team found the BC module on the same infrastructure distributing another malware loader called ZLoader. British cybersecurity company Sophos also analyzed the BC malware and attributed it to a threat cluster known for using Quick Assist for ransomware deployment and tricking targets into granting remote access to their PCs.
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The
