Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

June 13, 2024


The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer.

“The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade detection,” security researchers Nicole Fishbein and Ryan Robinson said in a report published this week.

SSLoad, likely offered to other threat actors under a Malware-as-a-Service (MaaS) model owing to its different delivery methods, infiltrates systems through phishing emails, conducts reconnaissance, and pushes additional types of malware down to victims.

Read More on The Hacker News