All news with #dll sideloading tag

🔍 Check Point Research reports that Iranian-linked actor Nimbus Manticore has escalated cyber-espionage operations across Western Europe, with heightened targeting of organizations in Denmark, Sweden and Portugal. Attackers impersonate recruiters and use convincing fake career portals to deliver personalized credentials and malicious archives. The campaign leverages evolved backdoors—first seen as Minibike, now observed as MiniJunk and MiniBrowse—and employs multi-stage DLL sideloading into legitimate Windows binaries, including Microsoft Defender components, alongside valid code-signing certificates and compiler-level obfuscation to evade detection. Infrastructure hosted via Azure App Service and shielded by Cloudflare provides redundancy and rapid command-and-control recovery.

🛡️ A recent campaign in Latin America leverages oversized SVG image attachments to deliver AsyncRAT by embedding the entire malicious payload inside the XML. Victims receive convincing, urgent emails impersonating judicial services, and interacting with the >10MB SVG loads a fake portal that triggers a password-protected ZIP download containing an executable and a DLL-sideloaded payload. ESET telemetry highlights a spike in activity, notably affecting Colombia, while attackers appear to use AI to generate unique, randomized SVGs to evade detection.

🐍 IBM X-Force reports that China-aligned Mustang Panda is deploying a new USB worm, SnakeDisk, to propagate the Yokai backdoor against machines geolocated to Thailand. The actor also introduced updated TONESHELL variants (TONESHELL8/9) with proxy-aware C2 and parallel reverse shells. SnakeDisk abuses DLL side-loading and USB volume masquerading—moving user files into a subfolder and presenting a deceptive 'USB.exe' lure before restoring originals—to spread selectively on Thailand-based public IPs.

🔍 VirusTotal's AI Code Insight detected a sophisticated phishing campaign that hid malicious JavaScript inside SVG images to impersonate Colombia's judicial system. The SVGs rendered fake portal pages with a bogus download progress bar and displayed a password for a protected ZIP archive that contained malware artifacts. The archive included a renamed Comodo Dragon executable, a malicious DLL, and two encrypted files; when the executable runs the DLL is sideloaded to install further malware. After adding SVG support, VirusTotal found 523 related SVGs that had evaded traditional antivirus detection.