Click, Laugh, Scream: JinxLoader’s Netflix-style Malware Subscriptions Rocking the Cybercrime Scene

Welcome to the era of malware-as-a-service! JinxLoader, the Go-based malware loader, is the latest sensation in cybercrime, delivering payloads like Formbook and XLoader. It’s not just a product, it’s a subscription service. Hold onto your firewalls, because this is just the beginning of the JinxLoader malware loader saga!

Hot Take:

Forget makeup tutorials, cooking classes, or cat videos – the internet is now giving us malware-as-a-service. Yep, you heard that right! JinxLoader, a Go-based malware loader, is making waves in the cybercrime world, delivering delightful payloads like Formbook and XLoader. And just like Netflix subscriptions, you can get JinxLoader for a monthly, yearly, or lifetime fee. And if you think this is where the madness ends, then buckle up, because it’s just the beginning!

Key Points:

  • JinxLoader, a new malware loader, is being used by cybercriminals to deliver malicious payloads.
  • This malware pays homage to the League of Legends character, Jinx, with an ad poster and login panel.
  • It was first advertised on a hacking forum in April 2023, with subscription plans ranging from $60/month to a lifetime fee of $200.
  • The attacks commence with phishing emails, persuading recipients to open password-protected archives that drop the JinxLoader executable.
  • Stealer malware continues to thrive, with a new family known as Vortex Stealer being capable of exfiltrating browser data, Discord tokens, and system information.

Need to know more?

Phishin' for trouble

The trick starts with phishing emails pretending to be from the Abu Dhabi National Oil Company. They urge their victims to open password-protected RAR archives, and when unsuspecting folks do, they get a lovely parting gift - the JinxLoader executable.
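The lure in that chain is an archive that mail filters cannot open, carrying an executable nobody asked for. As an added example (not code from the original post or from any vendor analysis of JinxLoader), here is a small Python gateway check that walks the RAR 4.x block headers, which stay readable when only the file data is password-protected, and flags archives that are fully header-encrypted or that list executable names. The sample archive bytes, the file name, the verdict policy and the extension list are constructed for the example; RAR5 archives use a different block layout and are only recognised, not parsed.

```python
import struct

# RAR signatures (RAR 4.x marker block and RAR5 signature).
RAR4_SIGNATURE = b"Rar!\x1a\x07\x00"
RAR5_SIGNATURE = b"Rar!\x1a\x07\x01\x00"

# RAR 4.x block types and header flags used below.
HEAD_TYPE_MAIN = 0x73   # archive header
HEAD_TYPE_FILE = 0x74   # file header
HEAD_TYPE_END = 0x7B    # end-of-archive header
LONG_BLOCK = 0x8000     # header is followed by ADD_SIZE bytes of data
MHD_PASSWORD = 0x0080   # archive header flag: block headers are encrypted
LHD_PASSWORD = 0x0004   # file header flag: file data is encrypted
LHD_LARGE = 0x0100      # file header carries 64-bit size fields
LHD_UNICODE = 0x0200    # file name field holds a NUL-separated ANSI/Unicode pair

# Extensions a mail gateway would not expect inside an "invoice" archive (assumed policy).
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta")


def inspect_rar(data: bytes) -> dict:
    """Walk the RAR 4.x block chain and report encryption state and file names."""
    report = {"format": None, "header_encrypted": False,
              "encrypted_files": [], "plain_files": [], "suspicious_names": []}
    if data.startswith(RAR5_SIGNATURE):
        report["format"] = "RAR5"          # different block layout, not parsed here
        return report
    if not data.startswith(RAR4_SIGNATURE):
        raise ValueError("not a RAR archive")
    report["format"] = "RAR4"

    pos = 0
    while pos + 7 <= len(data):
        # Every block starts: HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2).
        head_type, head_flags, head_size = struct.unpack_from("<xxBHH", data, pos)
        if head_size < 7:
            raise ValueError("corrupt block header")
        add_size = 0
        if head_flags & LONG_BLOCK and pos + 11 <= len(data):
            add_size = struct.unpack_from("<I", data, pos + 7)[0]

        if head_type == HEAD_TYPE_MAIN and head_flags & MHD_PASSWORD:
            report["header_encrypted"] = True   # nothing after this block is readable
            break
        if head_type == HEAD_TYPE_FILE:
            # Fixed file-header layout: NAME_SIZE at +26, file name at +32 (+8 if large sizes).
            name_size = struct.unpack_from("<H", data, pos + 26)[0]
            name_off = pos + 32 + (8 if head_flags & LHD_LARGE else 0)
            raw_name = data[name_off:name_off + name_size]
            if head_flags & LHD_UNICODE:
                raw_name = raw_name.split(b"\x00", 1)[0]  # keep the ANSI half
            name = raw_name.decode("latin-1")
            bucket = "encrypted_files" if head_flags & LHD_PASSWORD else "plain_files"
            report[bucket].append(name)
            if name.lower().endswith(SUSPICIOUS_EXTENSIONS):
                report["suspicious_names"].append(name)
        if head_type == HEAD_TYPE_END:
            break
        pos += head_size + add_size
    return report


def attachment_verdict(report: dict) -> str:
    """Map an inspection report to a gateway action (the policy is an assumption)."""
    if report["header_encrypted"] or report["suspicious_names"]:
        return "quarantine"
    if report["format"] == "RAR5" or report["encrypted_files"]:
        return "review"          # password-protected content: route to sandbox or analyst
    return "allow"


def build_sample_archive(name: bytes, encrypted: bool, header_encrypted: bool = False) -> bytes:
    """Constructed test fixture: a minimal RAR 4.x byte layout (CRC fields left at zero)."""
    main_flags = MHD_PASSWORD if header_encrypted else 0
    main = struct.pack("<HBHH", 0, HEAD_TYPE_MAIN, main_flags, 13) + b"\x00" * 6
    if header_encrypted:
        return RAR4_SIGNATURE + main + b"\xa5" * 16    # stand-in for unreadable ciphertext
    body = b"\xde\xad\xbe\xef"                          # dummy packed data
    file_flags = LONG_BLOCK | (LHD_PASSWORD if encrypted else 0)
    file_hdr = struct.pack("<HBHH", 0, HEAD_TYPE_FILE, file_flags, 32 + len(name))
    # PACK_SIZE UNP_SIZE HOST_OS FILE_CRC FTIME UNP_VER METHOD NAME_SIZE ATTR
    file_hdr += struct.pack("<IIBIIBBHI", len(body), 4096, 2, 0, 0, 29, 0x30, len(name), 0x20)
    end = struct.pack("<HBHH", 0, HEAD_TYPE_END, 0x4000, 7)
    return RAR4_SIGNATURE + main + file_hdr + name + body + end


# Constructed lure: an encrypted archive whose visible file list shows an executable.
SAMPLE_LURE = build_sample_archive(b"invoice_scan.exe", encrypted=True)

if __name__ == "__main__":
    rep = inspect_rar(SAMPLE_LURE)
    print(rep, attachment_verdict(rep))
```

Because WinRAR by default encrypts only file data, the file names in such lures are usually still visible to a parser like this one; an archive that hides even its headers is itself a strong enough signal to hold the message for review.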

Cybercrime's got talent

This isn't just a one-trick pony. Once it's in, JinxLoader acts as a gateway for Formbook or XLoader. It's like the host of a twisted talent show introducing the next act.

A whole new world

The rise of JinxLoader is part of a concerning trend, with ESET noting a spike in infections delivering another new loader malware family named Rugmi.

Dark side of the web

In the underworld, upgrades are crucial. The actors behind the Meduza Stealer have released an updated version of the malware on the dark web. The new model boasts expanded support for browser-based cryptocurrency wallets and an enhanced credit card grabber.

Stealing the show

The malware market is booming, with a new family member, Vortex Stealer, making its debut. This charming criminal can exfiltrate browser data, Discord tokens, Telegram sessions, system information, and files under 2 MB. Stolen info gets uploaded to Gofile or Anonfiles, and also gets a shoutout on the author's Discord using webhooks. Talk about keeping it in the family!

Tags: DarkGate, Formbook, JinxLoader, malware loader, phishing attacks, PikaBot, Stealer Malware, XLoader