Tag: DLL Side-Loading

All articles tagged with #dll side loading

China-linked Amaranth-Dragon Uses WinRAR Flaw for Southeast Asia Espionage
technology · 23 days ago

The China-linked group Amaranth-Dragon has run tightly targeted cyber-espionage campaigns against Southeast Asian government and law-enforcement agencies in 2025. Initial access comes through spear-phishing archives hosted on cloud platforms that exploit the WinRAR flaw CVE-2025-8088; the archives deploy the Amaranth Loader and the Havoc C2 framework. The activity shows ties to APT41 and uses country-specific infrastructure and anti-analysis techniques. It runs alongside a separate Mustang Panda operation, "PlugX Diplomacy", which relies on LOLBins and is staged with diplomatic and election-themed lures.

"Quasar RAT: Flying Under the Radar with DLL Side-Loading"
cybersecurity · 2 years ago

Quasar RAT, an open-source remote access trojan, has been observed using DLL side-loading to evade detection and steal data from compromised Windows hosts. The campaign abuses genuine, trusted Windows binaries such as ctfmon.exe and calc.exe: the executables are shipped under new file names, and a malicious DLL carrying the name the binary expects is planted in the same directory. Because Windows checks the application's own directory first when resolving a DLL, the trusted binary loads the attacker's code, and the trust placed in a Microsoft-signed process shields the payload from casual inspection. The attack begins with an ISO image containing the renamed binaries and the spoofed DLL; mounting the image and running the executable loads the concealed payload, which then connects to a remote server to report system information and gives the operator remote access to the endpoint. The initial access vector is unclear, but phishing email is the likely delivery method, so users are advised to treat unexpected attachments, links and ISO images with suspicion.
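As an added example (not code from the article or from the Quasar RAT report it summarises), here is a detection heuristic for the two artefacts described above: a trusted Windows binary running under a different file name, and a DLL with a System32 name loaded from the application's own directory instead of from System32. It runs over Sysmon-style Event ID 1 (process create, which carries the PE's OriginalFileName) and Event ID 7 (image load, which carries the loaded path and signature status) records. The event records, the paths and the short catalogue of DLL names are constructed for this example; a production rule would need a much fuller list of DLL names.

```python
"""Heuristics for the DLL side-loading pattern described above: a genuine
Windows binary (e.g. ctfmon.exe or calc.exe) shipped under a new name, which
then loads an attacker-supplied DLL from its own directory.  Added example,
not code from the article; input is Sysmon-style Event ID 1 / 7 records."""
import ntpath  # Windows path semantics regardless of the host running this

# DLLs that Windows normally resolves from System32.  Illustrative, incomplete
# list chosen for this example (an assumption, not taken from the article).
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "cryptbase.dll", "wtsapi32.dll"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def _base(path):
    return ntpath.basename(path).lower()


def _dir(path):
    return ntpath.dirname(path).lower().rstrip("\\")


def is_renamed_binary(ev):
    """Event ID 1: the on-disk name differs from the OriginalFileName stored in
    the PE version resource, e.g. ctfmon.exe delivered as Invoice.exe."""
    orig = ev.get("OriginalFileName", "").lower()
    if not orig or orig == "-":  # Sysmon logs "-" when the resource is absent
        return False
    return orig != _base(ev["Image"])


def is_sideload_candidate(ev):
    """Event ID 7: a DLL with a System32 name was resolved from the process's
    own directory (first in the default DLL search order) and the loaded file
    does not carry a Microsoft signature."""
    dll = ev["ImageLoaded"]
    if _base(dll) not in SYSTEM_DLL_NAMES or _dir(dll) in SYSTEM_DIRS:
        return False
    if _dir(dll) != _dir(ev["Image"]):
        return False
    ms_signed = (ev.get("Signed", "false").lower() == "true"
                 and "microsoft" in ev.get("Signature", "").lower())
    return not ms_signed


def analyse(events):
    """Return (severity, pid, reason) findings.  A side-load by a process that
    was already flagged as a renamed binary is escalated to 'high'."""
    renamed_pids = set()
    findings = []
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 1 and is_renamed_binary(ev):
            renamed_pids.add(pid)
            findings.append(("medium", pid,
                             f"{ev['Image']} is a renamed {ev['OriginalFileName']}"))
        elif ev["EventID"] == 7 and is_sideload_candidate(ev):
            severity = "high" if pid in renamed_pids else "medium"
            findings.append((severity, pid,
                             f"{ev['Image']} loaded {ev['ImageLoaded']} from its own directory"))
    return findings


# Constructed sample records (field names follow Sysmon Event ID 1 and 7).
SAMPLE_EVENTS = [
    # a renamed ctfmon.exe run from a mounted ISO, then loading a planted DLL
    {"EventID": 1, "ProcessId": 4120, "Image": r"D:\Mount\Invoice.exe",
     "OriginalFileName": "CTFMON.EXE"},
    {"EventID": 7, "ProcessId": 4120, "Image": r"D:\Mount\Invoice.exe",
     "ImageLoaded": r"D:\Mount\version.dll", "Signed": "false", "Signature": ""},
    # the real calc.exe loading the real version.dll from System32: benign
    {"EventID": 1, "ProcessId": 5000, "Image": r"C:\Windows\System32\calc.exe",
     "OriginalFileName": "CALC.EXE"},
    {"EventID": 7, "ProcessId": 5000, "Image": r"C:\Windows\System32\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true",
     "Signature": "Microsoft Windows"},
    # a vendor app redistributing a Microsoft-signed dbghelp.dll: benign
    {"EventID": 7, "ProcessId": 6000, "Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\dbghelp.dll", "Signed": "true",
     "Signature": "Microsoft Windows"},
    # an unsigned cryptbase.dll next to a downloaded tool: suspicious on its own
    {"EventID": 7, "ProcessId": 7000, "Image": r"C:\Users\bob\Downloads\tool.exe",
     "ImageLoaded": r"C:\Users\bob\Downloads\cryptbase.dll", "Signed": "false",
     "Signature": ""},
]

if __name__ == "__main__":
    for severity, pid, reason in analyse(SAMPLE_EVENTS):
        print(f"[{severity}] pid {pid}: {reason}")
```

Two caveats apply when this is run for real. Legitimately redistributed Microsoft DLLs (dbghelp.dll ships with many third-party products) are the main false-positive source, which is why the signature check suppresses Microsoft-signed loads rather than alerting on every application-directory copy. And OriginalFileName comes from a resource the attacker controls in binaries they build themselves, so the rename check only catches the case shown here, a genuine Microsoft binary run under a new name; the absence of a mismatch is not evidence of legitimacy.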

Long-standing vulnerability leads to multiple hacker groups breaching US federal agency.
cybersecurity · 2 years ago

Multiple threat actors, including one working for a nation-state, gained access to a US federal agency's network by exploiting a four-year-old vulnerability that had never been patched. Both groups exploited CVE-2019-18935, a remote code-execution flaw in Telerik UI for ASP.NET AJAX, a developer component used to build web applications. The vulnerability went undetected for four years: the agency's vulnerability scanner missed the Telerik software because it was installed in a file path the scanner does not normally inspect. The breach is ultimately the result of someone at the unnamed agency failing to install a patch that had been available for years.