New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems.
“Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls),” Zscaler ThreatLabz researcher Muhammed Irfan V A said in