Summary: Cybersecurity researchers have identified enhanced malware loaders, including Hijack Loader and SHELBY, that use advanced evasion tactics and innovative command-and-control methods. Hijack Loader introduces call stack spoofing and anti-VM checks, while SHELBY operates through GitHub for remote control and data exfiltration. Meanwhile, Emmenhtal loader has been distributing SmokeLoader via phishing emails using .NET Reactor for obfuscation.
Affected: Organizations utilizing antivirus and security software, targeted industries (e.g., telecommunications)
Key points:
- Hijack Loader employs call stack spoofing to evade detection and includes new anti-VM modules.
- SHELBY malware utilizes GitHub for command-and-control communication, allowing for covert operations.
- Emmenhtal loader delivers SmokeLoader through payment-themed phishing emails, using .NET Reactor for enhanced obfuscation.
Source: https://thehackernews.com/2025/04/new-malware-loaders-use-call-stack.html