Threat Research

In December 2025, Labz discovered a new C2 implant called SnappyClient, delivered via HijackLoader. SnappyClient is a C++-based malware that enables remote access and extensive data theft. Its capabilities include keylogging, screenshots, remote terminal access, and stealing data from browsers and applications....

The Clickfix HijackLoader phishing campaign highlights the growing threat of attack loaders in modern cyberattacks. Since mid-2025, attackers have used Clickfix to trick victims into downloading malicious .msi installers, leading to the execution of HijackLoader, a sophisticated Malware-as-a-Service tool....

Dodi Repacks is a site known for distributing pirated games. It has a reputation for being safe or trustworthy on several piracy forums, where users frequently claim that using an adblocker like uBlock Origin ensures a secure experience. To test this assertion, a team attempted to download a game crack from the site with uBlock Origin enabled in the browser....

HijackLoader, a malware loader first discovered in 2023, has been updated with new modules that enhance its evasion tactics. These include call stack spoofing to hide function call origins, anti-VM checks to detect analysis environments, and a module for establishing persistence through scheduled tasks....

"PEAKLIGHT: Illuminating the Shadows" refers to a PowerShell-based downloader malware, first identified by Mandiant, that facilitates the delivery of infostealers through malware-as-a-service. The infection begins via a Microsoft Shortcut File (LNK) which connects to a CDN, serving a JavaScript dropper....