"Quasar RAT: Flying Under the Radar with DLL Side-Loading"
Originally Published 2 years ago — by The Hacker News

The Quasar RAT, an open-source remote access trojan, has been observed using DLL side-loading to evade detection and steal data from compromised Windows hosts. The malware disguises itself as legitimate files, such as ctfmon.exe and calc.exe, to exploit the trust the Windows environment places in them. Through DLL side-loading, the trojan runs its own payloads by planting spoofed DLL files that these trusted executables load. The attack begins with an ISO image file containing renamed binaries, which in turn load malicious code concealed within a disguised DLL file. The trojan then connects to a remote server, sends system information, and gives the operator remote access to the compromised endpoint. The initial access vector used by the threat actor is unclear, but phishing emails are a likely delivery method. Users are advised to treat suspicious emails, links, and attachments with caution.
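The staging pattern described above (a genuine Windows binary such as ctfmon.exe or calc.exe dropped outside its normal directory, next to a DLL it will load) is something a responder can triage from a plain file listing of a mounted ISO or a suspect folder. The script below is an added example written for this page, not code from the article or from the Quasar RAT project. It assumes a default Windows layout for the expected directories, and every path, file name and hash in it is a constructed placeholder; the hash table would be populated from your own trusted catalogue so that a renamed copy of the binary (which a name check alone would miss) is still recognised.

```python
"""Heuristic triage for DLL side-loading staging: a known Windows binary
(ctfmon.exe, calc.exe) sitting outside its expected directory and sharing
that directory with at least one DLL.  Added example, not from the article.
All paths and hashes below are constructed placeholders."""
from pathlib import PureWindowsPath

# Expected directories for the binaries the article names.
# Assumption: default Windows install; extend this for your own estate.
EXPECTED_DIRS = {
    "ctfmon.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "calc.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# SHA-256 -> original file name for known-good copies, so a renamed copy
# (the article says the ISO contained renamed binaries) is still identified.
# Placeholder values; fill from a trusted catalogue, never from the sample.
KNOWN_GOOD_HASHES = {
    "PLACEHOLDER_SHA256_CTFMON": "ctfmon.exe",
    "PLACEHOLDER_SHA256_CALC": "calc.exe",
}


def identify(entry):
    """Return the canonical system-binary name for a file entry, or None.
    A hash match wins (it catches renamed copies); otherwise fall back to
    the file name as seen on disk."""
    name = KNOWN_GOOD_HASHES.get(entry.get("sha256", ""))
    if name:
        return name
    fname = PureWindowsPath(entry["path"]).name.lower()
    return fname if fname in EXPECTED_DIRS else None


def find_sideload_candidates(entries):
    """entries: iterable of {"path": str, "sha256": str (optional)}.
    Returns a list of findings, one per system binary that is outside its
    expected directory and has at least one DLL beside it."""
    by_dir = {}
    for e in entries:
        wp = PureWindowsPath(e["path"])
        by_dir.setdefault(str(wp.parent).lower(), []).append((wp, e))

    findings = []
    for directory, items in by_dir.items():
        dlls = sorted(str(wp) for wp, _ in items if wp.suffix.lower() == ".dll")
        if not dlls:
            continue  # no DLL to side-load here, nothing to flag
        for wp, e in items:
            canonical = identify(e)
            if canonical and directory not in EXPECTED_DIRS[canonical]:
                findings.append(
                    {"binary": str(wp), "identified_as": canonical, "dlls": dlls}
                )
    return findings


# Constructed listing: a mounted ISO plus a benign system directory.
SAMPLE = [
    {"path": r"E:\Invoice\eBill.exe", "sha256": "PLACEHOLDER_SHA256_CTFMON"},  # renamed copy
    {"path": r"E:\Invoice\calc.exe"},
    {"path": r"E:\Invoice\helper.dll"},        # constructed DLL name
    {"path": r"E:\Invoice\Invoice.pdf"},
    {"path": r"C:\Windows\System32\ctfmon.exe", "sha256": "PLACEHOLDER_SHA256_CTFMON"},
    {"path": r"C:\Windows\System32\somelib.dll"},
]

if __name__ == "__main__":
    for finding in find_sideload_candidates(SAMPLE):
        print(finding)
```

Run against the constructed listing, the script flags the renamed ctfmon.exe copy and calc.exe in `E:\Invoice` (both next to `helper.dll`) and stays silent on the genuine ctfmon.exe in System32. The name fallback is the weak leg: it only catches binaries that keep their original name, so in practice the hash table is what makes the check worthwhile.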
