The Evolution of a Cyber Threat: From JinxLoader to Astolfo Loader
Essential information
- Published
- 26/11/2024 21:34
- Modified
- 26/11/2024 22:02
- Tags
- 2024-11-26 astolfo loader c2 jinxloader
- Related entities
- 6 observables, 8 techniques (mitre), 4 malware
Description
JinxLoader, a Go-based malware loader distributed via phishing emails, has evolved into Astolfo Loader. Originally sold on Hack Forums, JinxLoader was designed to deploy additional malware on Windows and Linux systems. The malware operates as a Malware-as-a-Service, making sophisticated tools accessible to a broader range of cybercriminals. Astolfo Loader, a rebranded version written in C++, offers improved performance and smaller file size. Both loaders employ anti-analysis techniques and geolocation checks before connecting to command-and-control servers. This evolution demonstrates the rapid spread and adaptation of malware variants in the cybercriminal ecosystem.