New JinxLoader Targeting Users with Formbook and XLoader Malware

01-Jan-23

Threat actors are utilizing JinxLoader, a new Go-based malware loader, to distribute next-stage payloads like Formbook and its XLoader replacement. The information was released by cybersecurity companies Symantec and Palo Alto Networks Unit 42, who both outlined multi-phase assault sequences that culminated in the phishing attack that launched JinxLoader.



“The malware pays homage to League of Legends character Jinx, featuring the character on its ad poster and [command-and-control] login panel,” Symantec said. “JinxLoader’s primary function is straightforward – loading malware.” This development coincides with the discovery by ESET of an increase in infections, which resulted to the delivery of a new family of novice loader malware called Rugmi, which spreads a variety of information stealers.

Read More…