HijackLoader
Name of Malware: HijackLoader

Type of Malware: Dropper
Affected Operating Systems: Windows
Affected Device Types: PCs, laptops
Impact: high
What is HijackLoader?
HijackLoader is a malware loader first discovered in 2023 that is used by attackers to load additional malware (such as Trojans like Danabot or the RedLine stealer) onto infected computers.
How did I get infected with HijackLoader?
HijackLoader is usually distributed via phishing emails with manipulated attachments or downloads from infected websites. Attackers often use ZIP archives that contain harmless programs and a malicious DLL. When the program is started, it loads this DLL, which then executes the malicious code. In some cases, fake software updates (e.g. a “CrowdStrike Hotfix”) have also been distributed by email to install HijackLoader and then download further malware.
What do I have to do now?
To remove HijackLoader, it is recommended to scan the infected system with an antivirus program. As the infection may be accompanied by other malware, it may be necessary to reinstall the operating system. Furthermore, all login passwords should be changed.
Further information on removing this malware can be found under "Removing infections from PCs, laptops etc."
Technical specifications
Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.