#dll-sideloading

Information security
from The Hacker News
1 week ago

New Rust-Based Malware "ChaosBot" Hijacks Discord Channels to Control Victims' PCs

ChaosBot is a Rust-based backdoor using Discord C2, compromised credentials, WMI, DLL sideloading, and an FRP reverse proxy to enable reconnaissance, command execution, and persistence.
Information security
from The Hacker News
1 month ago

Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems

EggStreme is a fileless, multi-stage malware used by a China-linked APT to infiltrate a Philippine military contractor, enabling stealthy persistence, reconnaissance, lateral movement, and data theft.
from Securitymagazine
1 month ago

Russian Threat Group Targets Microsoft Outlook With Malware

"APT28 is abusing Outlook as a covert channel through a VBA macro backdoor named NotDoor," Jason Soroko, Senior Fellow at Sectigo, explains. "Delivery uses DLL sideloading of a malicious SSPICLI.dll by the signed OneDrive.exe to disable macro protections and stage commands. The macro watches inbound mail for a trigger word and can exfiltrate data, upload files, and run commands. This blends with trusted binaries and normal mail flow and can slip past perimeter tools and basic detections."
Information security