2025-05-08

Ransomware, Threat Intelligence

Qilin beefs up arsenal with SmokeLoader, NETXLOADER payloads


Malicious payloads NETXLOADER and SmokeLoader have been leveraged by the Qilin ransomware gang, also known as Agenda, to escalate attacks against telecommunications, healthcare, financial services, and technology organizations in the U.S., Brazil, the Netherlands, India, and the Philippines during the first three months of 2025, reports GBHackers News.

According to a Trend Micro analysis, NETXLOADER uses advanced obfuscation methods, including JIT hooking and control flow obfuscation, along with multiple malicious domains to deploy the Agenda ransomware and SmokeLoader payloads covertly in memory. SmokeLoader, in turn, employs dynamic API resolution and other anti-detection techniques, establishes persistence, and escalates privileges. These findings point to the increasingly refined methods the Qilin ransomware operation uses to maximize its attacks, and they should prompt organizations to implement not only multi-layered security measures but also robust access controls and diligent threat tracking to counter such malware delivery tactics.
