A new malware loader called JinxLoader [1] [2] [3] [4], developed using the Go programming language, has emerged as a tool for phishing attacks. This loader is utilized by threat actors to distribute additional malicious payloads, such as Formbook and XLoader [3] [4]. Cybersecurity firms Palo Alto Networks Unit 42 and Symantec have identified multi-step attack sequences involving phishing emails [4], which prompt recipients to open password-protected RAR archive attachments [1] [2] [3]. These attachments then deploy the JinxLoader executable [3], serving as a gateway for delivering subsequent payloads.
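The delivery chain described above (phishing e-mail, password-protected RAR attachment, executable inside) is awkward for mail gateways because an encrypted archive cannot be scanned, so the password is normally handed to the recipient in the message body. The script below is an added example written for this page, not code from Unit 42, Symantec or any of the cited reports; it parses a constructed .eml with Python's standard `email` module, recognises RAR attachments by their magic bytes, and flags the message when a password hint appears alongside one. The sample message, the attachment bytes and the password-hint regex are all assumptions made for the example.

```python
"""Flag inbound e-mails that carry a RAR archive attachment together with a
password hint in the body (the lure pattern used to deliver JinxLoader).
Added example; the sample e-mail and its attachment bytes are constructed."""
import email
import re
from email import policy
from email.message import EmailMessage

# RAR 4.x and RAR 5.x archive signatures, found at offset 0 of the file.
RAR_SIGNATURES = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# Phrases that usually accompany a password-protected lure. The pattern is an
# assumption for this example, not something taken from the cited reports.
PASSWORD_HINT = re.compile(
    r"\b(password|passcode|passphrase)\b\s*(is|[:=])?\s*\S+", re.IGNORECASE
)


def is_rar(data: bytes) -> bool:
    """True if the byte string starts with a RAR4 or RAR5 signature."""
    return any(data.startswith(sig) for sig in RAR_SIGNATURES)


def classify_message(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and report RAR attachments plus password hints."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_parts: list[str] = []
    rar_names: list[str] = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            # Check content, not the filename: renamed archives still match.
            if is_rar(payload):
                rar_names.append(part.get_filename() or "<unnamed>")
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_content())
    body = "\n".join(body_parts)
    password_in_body = bool(PASSWORD_HINT.search(body))
    return {
        "rar_attachments": rar_names,
        "password_in_body": password_in_body,
        # Both conditions together are the signal worth quarantining on.
        "suspicious": bool(rar_names) and password_in_body,
    }


def build_sample(include_password: bool = True) -> bytes:
    """Construct a sample phishing-style e-mail (not a real captured message)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Overdue invoice"
    text = "Please review the attached invoice."
    if include_password:
        text += "\nPassword: 1234"
    msg.set_content(text)
    # Constructed stand-in: a RAR5 signature followed by padding, not an archive.
    fake_rar = RAR_SIGNATURES[1] + b"\x00" * 32
    msg.add_attachment(
        fake_rar, maintype="application", subtype="vnd.rar", filename="invoice.rar"
    )
    return bytes(msg)


if __name__ == "__main__":
    print(classify_message(build_sample()))
    print(classify_message(build_sample(include_password=False)))
```

Matching on the archive's magic bytes rather than the `.rar` extension means a renamed attachment is still caught; the password-hint check is deliberately a heuristic, so it is best used to route messages to quarantine or a sandbox that can open the archive with the supplied password, not as a hard block on its own.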

Description

In addition to JinxLoader, researchers have uncovered a new family of stealers known as Vortex Stealer. It can extract browser data, Discord tokens [1] [2] [3], Telegram sessions [1] [2] [3], system information [1] [2] [3], and files under 2 MB in size [3]. The stolen information is archived and uploaded to file-sharing platforms such as Gofile and Anonfiles [2], and is also shared via Discord and Telegram [2]. Separately, an updated version of the Meduza Stealer has been released, adding support for more browser-based cryptocurrency wallets and an enhanced credit card grabber [2]. These advances in loader and stealer capabilities pose a significant threat to users.

Conclusion

The emergence of JinxLoader as a malware loader in phishing attacks, along with the discovery of Vortex Stealer and the updated Meduza Stealer, highlights the evolving landscape of cyber threats. These developments underscore the need for heightened vigilance and robust cybersecurity measures. Users should exercise caution when handling email attachments, particularly those requiring passwords. Employing reliable antivirus software, regularly updating systems, and practicing safe browsing habits are essential in mitigating the risks posed by these malicious tools. As cybercriminals continue to innovate, it is crucial for individuals and organizations to stay informed and adapt their security practices accordingly.

References

[1] https://vulners.com/thn/THN:6859FE51DFE66B321273D738B83CCF2C
[2] https://thehackernews.com/2024/01/new-jinxloader-targeting-users-with.html
[3] https://ciso2ciso.com/new-jinxloader-targeting-users-with-formbook-and-xloader-malware-sourcethehackernews-com/
[4] https://www.linkedin.com/posts/wdevault_new-jinxloader-targeting-users-with-formbook-activity-7147481263136751617-NVoc