All news with #reflective dll injection tag

XWorm Campaign Signals Rise in Fileless In-Memory Attacks

🔒 Forcepoint Labs describes a multi-stage phishing campaign that delivers the XWorm remote-access trojan via an Office .xlam attachment embedding an OLE native stream. An encrypted shellcode launches a .NET dropper that uses steganography and reflective DLL loading to unpack successive in-memory stages, minimizing on-disk artifacts. Attackers leverage API hashing, unhooked calls and layered encryption to evade sandboxes and traditional scanners; Forcepoint provides IoCs and detection recommendations.