Cybersecurity researchers have uncovered a sophisticated campaign using cracked software sites to distribute CountLoader, a modular loader capable of deploying multiple malware families. The campaign demonstrates advanced persistence, propagation, and anti-detection techniques, highlighting the evolving threat landscape.
Key points
- CountLoader is used as the initial stage in a multi-step attack targeting cracked software downloads.
- The malware employs persistence mechanisms like scheduled tasks and anti-security checks to evade detection.
- CountLoader is capable of delivering various payloads, including information stealers and action malware, in memory or via malicious downloads.
- The GachiLoader malware, distributed through compromised YouTube accounts, uses obfuscated JavaScript and PE injection techniques.
- Both campaigns emphasize the importance of layered defenses and awareness of signed binary abuse and fileless execution tactics.
Read More: https://thehackernews.com/2025/12/cracked-software-and-youtube-videos.html