Intelligence Insights: December 2024
ID: 59d036ae-8682-508c-9952-c8784e837ae4
STIX ID: report--59d036ae-8682-508c-9952-c8784e837ae4
Feed Name: Red Canary
This report details a surge in HijackLoader deployments delivering LummaC2 and other malware via ZIP archives that pair legitimate executables with malicious DLLs. The activity uses DLL sideloading, process injection, and injection into suspended child processes to achieve credential theft and persistent C2 connectivity. The write-up includes behavioral indicators and example IOCs and highlights an exponential increase in November.
