LATAM baited into the delivery of PureHVNC
released on 2025-10-31 @ 09:32:16 AM
Between August and October 2025, a phishing campaign targeted Colombian users with emails impersonating the Attorney General's office. The emails contained links to download a malicious file, which initiated an infection chain that used Hijackloader to deliver the PureHVNC Remote Access Trojan (RAT). The campaign employed sophisticated techniques including DLL side-loading, anti-VM checks, and various injection methods. This marks the first observed instance of Hijackloader being used to deliver PureHVNC to Spanish-speaking users in Latin America, highlighting an evolving threat landscape in the region.