A newly identified malware loader dubbed TransferLoader has emerged as a critical threat, enabling attackers to execute arbitrary commands on compromised systems and deliver payloads such as the Morpheus ransomware. First detected in February 2025 by Zscaler ThreatLabz researchers, this modular malware employs sophisticated evasion techniques and a decentralized infrastructure to bypass security measures.

TransferLoader operates through a multi-stage framework: a downloader fetches additional payloads, a backdoor orchestrates remote commands, and a specialized loader manages configuration data. Notably, the backdoor module supports both HTTPS and raw TCP communication, while its IPFS integration allows the threat actors to update C2 endpoints dynamically, a tactic that complicates takedown efforts.

The malware employs a combination of junk code insertion, dynamic API resolution, and multi-layered encryption to evade static and dynamic analysis. The junk code consists of inert or unreachable instructions, such as meaningless stack operations and CALL instructions that are never reached, which force analysts to manually isolate the legitimate code paths. A second obfuscation method, used in the embedded payloads, stores critical values in SIMD registers and injects redundant arithmetic operations to mask variable assignments. Additionally, the loader validates its own filename for specific substrings (e.g., ess_) and requires multiple command-line arguments before it proceeds, a simple but effective method to thwart sandbox execution.

TransferLoader represents a significant escalation in malware sophistication, combining modular payload delivery, decentralized C2 resilience, and layered obfuscation. Zscaler’s cloud security platform has implemented detections for the associated IOCs, including C2 servers like [.]cloud/MDcMkjAxsLKsT and payload hashes such as b55ba0f869f64.... Security teams are advised to monitor for unusual IPFS traffic and to enforce strict API execution policies to mitigate the risk.
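The advice above to monitor for unusual IPFS traffic is easier to act on with a concrete detection. The following Python script is an added example, not code from the article or from Zscaler: it scans constructed proxy-log lines (synthetic, not real telemetry) for the two ways an endpoint typically reaches IPFS content, fetches through an HTTP gateway path of the form `/ipfs/<CID>` or `/ipns/<name>`, and direct connections to TCP 4001, the default libp2p swarm port of an IPFS node. The CID shape checks (CIDv0 as `Qm` plus 44 base58 characters, CIDv1 as lowercase base32 with a `b` multibase prefix such as `bafy...`) follow the IPFS specification and are an assumption about what a gateway fetch looks like, not an indicator taken from this report; the log format, hostnames and CIDs are all made up for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# CID shapes per the IPFS spec (assumption, not taken from the article):
#   CIDv0: "Qm" followed by 44 base58 characters (no 0, O, I, l)
#   CIDv1: base32 multibase, lowercase, prefixed "b" (commonly "bafy...")
CIDV0_RE = re.compile(r"^Qm[1-9A-HJ-NP-Za-km-z]{44}$")
CIDV1_RE = re.compile(r"^b[a-z2-7]{40,}$")
# Gateway path: /ipfs/<cid> or /ipns/<name>, stopping at the next "/"
GATEWAY_PATH_RE = re.compile(r"/(ipfs|ipns)/([A-Za-z0-9]+)")
IPFS_SWARM_PORT = 4001  # default libp2p swarm port of an IPFS node

# Constructed sample proxy log lines (synthetic): timestamp src method target status.
# The CIDs below are made up and deliberately not real content identifiers.
_SYNTHETIC_CIDV0 = "Qm" + "Xa1b2c3d4e5f6g7h8i9jKmNpQrStUvWxYzAbCdEfGhJk"
_SYNTHETIC_CIDV1 = "bafy" + "beisyntheticcid234567fortestingonly" + "a" * 20
SAMPLE_LOGS = [
    "2025-05-15T10:01:02Z 10.0.0.12 GET https://update.example.com/check 200",
    f"2025-05-15T10:01:09Z 10.0.0.12 GET https://ipfs-gateway.example.org/ipfs/{_SYNTHETIC_CIDV0} 200",
    f"2025-05-15T10:02:15Z 10.0.0.12 GET https://gateway.example.net/ipfs/{_SYNTHETIC_CIDV1}/config 200",
    "2025-05-15T10:02:30Z 10.0.0.33 GET https://cdn.example.com/ipfs-docs/intro.html 200",
    "2025-05-15T10:03:00Z 10.0.0.12 CONNECT 203.0.113.7:4001 200",
]


@dataclass
class Finding:
    src: str
    reason: str
    indicator: str


def classify_cid(token: str) -> Optional[str]:
    """Return 'cidv0' / 'cidv1' if the token has a CID shape, else None."""
    if CIDV0_RE.match(token):
        return "cidv0"
    if CIDV1_RE.match(token):
        return "cidv1"
    return None


def scan_line(line: str) -> Optional[Finding]:
    """Flag one log line if it shows IPFS gateway or swarm-port activity."""
    parts = line.split()
    if len(parts) < 5:
        return None
    _ts, src, method, target, _status = parts[:5]

    if method == "CONNECT":
        # Direct node-to-node traffic: target is host:port
        _host, _, port = target.rpartition(":")
        if port.isdigit() and int(port) == IPFS_SWARM_PORT:
            return Finding(src, "direct connection to IPFS swarm port", target)
        return None

    m = GATEWAY_PATH_RE.search(target)
    if not m:
        return None  # e.g. "/ipfs-docs/" does not match "/ipfs/"
    scheme, token = m.group(1), m.group(2)
    if scheme == "ipns":
        # IPNS names are mutable pointers, which is exactly what a C2-updating
        # loader would want; flag them regardless of the name's shape.
        return Finding(src, "IPNS gateway fetch", target)
    kind = classify_cid(token)
    if kind:
        return Finding(src, f"IPFS gateway fetch ({kind})", token)
    return None


def scan_logs(lines: List[str]) -> List[Finding]:
    return [f for f in map(scan_line, lines) if f is not None]


def sources_with_ipfs(findings: List[Finding]) -> List[str]:
    """Distinct source hosts that touched IPFS, for triage."""
    return sorted({f.src for f in findings})


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f"{f.src}: {f.reason} -> {f.indicator}")
    print("hosts to triage:", sources_with_ipfs(scan_logs(SAMPLE_LOGS)))
```

Run against the synthetic lines, the script flags the two gateway fetches and the swarm-port connection from 10.0.0.12 and leaves the unrelated `/ipfs-docs/` URL alone. In production the same logic belongs in the proxy or NDR rule set, with a short allowlist for any business use of IPFS; a host that has no such business reason and suddenly resolves a CID is worth pulling for the filename and argument checks described above.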
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 14:39:53 +0000