Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Hackers Leverage Legitimate MS Utility Tool to Inject a Malicious DLL Payload

Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Just two months ago, researchers from Trend Micro uncovered a sophisticated attack campaign by Earth Preta (also known as Mustang Panda), a China-linked APT group. Included by default since Windows 10 version 1607, this digitally-signed Microsoft utility is typically whitelisted by security solutions, making it an ideal vector for attackers to bypass detection mechanisms. As threat actors continue to leverage living-off-the-land techniques, defenders must remain vigilant against the misuse of legitimate system utilities within their attack chains. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. This sophisticated attack technique allows hackers to hide malicious activity behind trusted Windows processes. This method injects an import table entry consisting of a specified DLL into the module at a given base address, allowing for more precise control over the attack. Earth Preta leveraged mavinject.exe to inject malicious payloads into waitfor.exe when ESET antivirus was detected running on victims’ systems. She is covering various cyber security incidents happening in the Cyber Space.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Apr 2025 12:45:14 +0000

Cyber News related to Hackers Leverage Legitimate MS Utility Tool to Inject a Malicious DLL Payload

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2005-2127 - Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for ...
6 years ago

Side-by-Side with HelloJackHunter: Unveiling the Mysteries of WinSxS - As we know, Dynamic-link library(DLL) Side loading / DLL Hijacking is nothing new, nor is Windows Side-by-Side; however, side loading is handy from an adversarial tradecraft perspective, be it for establishing initial access, persistence, privilege ...
1 year ago Blog.zsec.uk Equation

Hackers Employ DLL Side-Loading To Deliver Malicious Python Code - DLL side-loading exploits the Windows DLL search order mechanism, where attackers place malicious DLL files in locations where legitimate applications will load them instead of the intended legitimate libraries. The technique enables attackers to ...
5 months ago Cybersecuritynews.com

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
11 months ago Unit42.paloaltonetworks.com

Threat Actors Exploiting DLL Side-Loading Vulnerability in Google Chrome to Execute Malicious Payloads - Cybersecurity researchers have identified a concerning new attack vector where threat actors are actively exploiting a vulnerability in Google Chrome version 133.0.6943.126 through DLL side-loading techniques. This sophisticated attack allows ...
5 months ago Cybersecuritynews.com

SIEM agent being used in SilentCryptoMiner attacks | Securelist - The most interesting action in this attack was the implementation of unusual techniques like using an SIEM agent as backdoor, adding the malicious payload to a legitimate digital signature, and hiding directories containing malicious files. The ...
11 months ago Securelist.com

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
5 months ago Cybersecuritynews.com

CVE-2025-4455 - A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library ...
3 months ago

Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
5 months ago Cybersecuritynews.com

Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com

Mustang Panda Employs Using Weaponized RAR Archives to Install New ToneShell Malware - The threat actor has been observed utilizing weaponized RAR archives containing malicious DLLs alongside legitimate signed executables to deploy updated variants of ToneShell malware through DLL sideloading techniques. Security researchers have ...
4 months ago Cybersecuritynews.com Mustang Panda

Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle - By leveraging legitimate frameworks like Inno Setup, attackers can distribute malware through various channels including phishing campaigns, compromised software repositories, and malicious advertisements without triggering immediate suspicion from ...
2 months ago Cybersecuritynews.com

Chinese Hackers Employ New Reverse SSH Tool to Attack Organizations - A sophisticated Chinese hacking group known as Billbug (also tracked as Lotus Blossom, Lotus Panda, and Bronze Elgin) has intensified its espionage campaign across Southeast Asia, employing a new custom Reverse SSH Tool to compromise high-value ...
4 months ago Cybersecuritynews.com Lotus Blossom

CVE-2005-1990 - Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, ...
4 years ago

Weaponized DeepSeek Installers Delivers Sainbox RAT and Hidden Rootkit - The fake installer drops three critical files: a legitimate executable named “Shine.exe,” a malicious DLL masquerading as “libcef.dll” (a legitimate Chromium Embedded Framework library), and a data file called ...
2 months ago Cybersecuritynews.com

Attackers Can Bypass Windows Security Using New DLL Hijacking - Threat actors using the DLL Hijacking technique for persistence have been the order of the day and have been utilized in several attacks. This attack method allows bypassing the privilege requirement for executing certain malicious codes on the ...
1 year ago Cybersecuritynews.com

Hackers Delivering Cobalt Strike Beacon Leveraging GitHub and Social Media - This campaign demonstrates the evolving threat landscape where attackers exploit the trust inherent in popular platforms to establish resilient command-and-control infrastructure, highlighting the need for enhanced detection capabilities that can ...
1 month ago Cybersecuritynews.com

QuasarRAT Deploys Advanced DLL Side-Loading Technique - A recent research report by Uptycs has highlighted the evolution of QuasarRAT, an open-source remote administration tool known for its lightweight nature and range of malicious functions. According to an advisory published on Friday by Uptycs ...
1 year ago Infosecurity-magazine.com

How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com

20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
1 month ago Cybersecuritynews.com

Hackers Leverage Legitimate MS Utility Tool to Inject a Malicious DLL Payload - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Just two months ago, researchers from Trend Micro uncovered a sophisticated attack campaign by Earth Preta (also known as ...
4 months ago Cybersecuritynews.com Mustang Panda

CVE-2018-6765 - Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an ...
5 years ago

4500+ WordPress Sites Hacked with a Monero Cryptojacking Campaign - Security researchers recently reported the discovery of a massive Monero hacking campaign targeted at WordPress sites. According to reports, more than 4500 WordPress sites were compromised with a malicious cryptocurrency-mining campaign. The hackers ...
2 years ago Thehackernews.com

Chinese hackers abuse Microsoft APP-v tool to evade antivirus - The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. ...
6 months ago Bleepingcomputer.com Mustang Panda

15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
4 months ago Cybersecuritynews.com