Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

October 15, 2024 at 03:42AM Cybersecurity researchers identified a new malware campaign delivering Hijack Loader artifacts signed with legitimate certificates. The campaign employs deceptive tactics like fake CAPTCHA pages and PowerShell scripts to deploy the Lumma information stealer. Meanwhile, other malware, including CoreWarrior and XWorm, exhibits increasing sophistication and capabilities in cyberattacks. …

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

August 30, 2024 at 02:42AM Chinese-speaking users are being targeted in a sophisticated cyber espionage campaign called SLOW#TEMPEST, using phishing emails to infect Windows systems with Cobalt Strike payloads. The attackers established persistence within systems, conducted reconnaissance, and set up remote access, allowing them to move laterally across networks undetected. The campaign appears to be …

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

June 21, 2024 at 10:45AM The SneakyChef, a Chinese-speaking threat actor, has conducted an espionage campaign targeting government agencies in Asia and EMEA since August 2023. They have used SugarGh0st malware and a new remote access trojan codenamed SpiceRAT, employing various infection chains and techniques, expanding their scope to countries including Angola, India, Latvia, Saudi …

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

June 18, 2024 at 10:00AM Threat actors are distributing malicious software through free/pirated commercial software. Hijack Loader camouflages as a Cisco Webex Meetings’ ptService module, stealthily introducing Vidar Stealer. The attack uses DLL side-loading and PowerShell scripts, while other actors employ social engineering tactics to deliver malware like Lumma Stealer and SolarMarker. This underscores the …

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

February 21, 2024 at 04:27AM Cybersecurity researchers discovered two malicious Python packages on the PyPI repository, NP6HelperHttptest and NP6HelperHttper, using DLL side-loading to evade detection by security software. These fake packages aimed to deceive developers into downloading rogue counterparts of legitimate ones. The malicious code included a remote access trojan and was part of a wider …

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

November 17, 2023 at 08:48AM Threat actors are using manipulated search results and bogus Google ads to trick users into downloading malware instead of legitimate software, such as WinSCP. The attack involves redirecting users to a compromised WordPress website, then an attacker-controlled phishing site, and finally to a fake WinSCP website where they unknowingly download …