Cybercriminals are exploiting VMware's signed binary, VmwareSampling.exe, to sideload the NIGHTFORGE loader, targeting Cambodian government institutions. This 'Khmer Shadow' campaign uses DLL sideloading and advanced evasion techniques to deploy the Havoc Demon payload, highlighting the need for vigilant monitoring of even trusted applications. #CyberSecurity #VMware #NIGHTFORGE #Espionage #Malware #DLLSideloading #HavocDemon thedailytechfeed.com/hackers…
The dangerous Grandoreiro banking trojan returns. Discover how it utilizes an advanced DLL side loading technique to bypass corporate defenses. #Grandoreiro #BankingTrojan #DLLSideLoading #Cybersecurity #FinTechSecurity securityonline.info/grandore…
Iranian group Seedworm infiltrates global firms using automated Node.js scripts and DLL sideloading via trusted binaries. Protect your credentials now! #Seedworm #CyberEspionage #InfoSec #ThreatIntel #MuddyWater #DLLSideloading #ChromElevator securityonline.info/seedworm…
A researcher shared a live ValleyRAT config pull from a Japanese Rakuten invoice lure campaign. We mapped the infrastructure: C2: 137.220.153[.]175:886 (BGPNET, Hong Kong) Delivery: missallanahstarr[.]com (Cloudie, Hong Kong) Vector: MaxxAudio DLL sideloading Config strings 默认备注 / 默认分组 — stock Gh0st RAT panel defaults. WHOIS registrant on 163.com with a fabricated "Kyoto, Saitama" address (different prefectures). HIGH confidence Silver Fox APT. Blog: intel.breakglass.tech/post/s… IOCs: github.com/vuln/breakglass-i… #SilverFox #ValleyRAT #APT #Japan #DLLSideloading

#FUD #DllSideLoading ⛔️https://captcha-verification-module.]com/ ⛔️https://captcha-verification-module.]com/verificationapp.png (is a Zip with inside exe and dll) Samples👇 bazaar.abuse.ch/browse/tag/c…
#booking #ClickFix #fakecaptcha > Netsupport / DllSideLoading Domains web-booking-pulse[.]com auth-in-extranet.]com signs-in-extranet.]com web-booking-extranet.]com web-extranet-login.]com sign-in-extranets.]com confirmation-id63926.]com 1/X
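[A case in which a fake CAPTCHA (ClickFix) lured users into executing commands, cascading into an infection inside the company, has been published from a forensic perspective] The typical flow has the user personally walk through "web-based lure → Windows Run (Win R, etc.) → PowerShell execution". The aim is to evade automated detection and disguise the activity to EDR as "user execution". The change in capability is that the first half of the intrusion is offloaded onto the "human OS", while the second half uses DLL sideloading to abuse the trust placed in executables. While the entry point tends to look lightweight, the post-compromise impact is heavy. #ClickFix #FakeCAPTCHA #PowerShell #DLLSideloading cert.pl/en/posts/2026/02/fak…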
#booking "family trip to italy" spam email spread #AgentTesla via DllSideLoading Samples👇 bazaar.abuse.ch/browse/tag/b… 👇 ⛔️https://api.telegram.]org/bot8705156458
We recently discovered renewed activity from the Iranian-linked threat actor Ferocious Kitten, a group that had been off the radar for quite some time, in an attempt to capture Iranian freedom fighters and opposition figures. To trick victims into downloading the trojanized installer, the actor uses a fake media-player website, "YEMPlayer". By leveraging DLL side-loading, it loads a malicious payload and establishes C2 communication. Some of the Media Player extracted files are signed with digital signature by "Nikki Boy Semblante" #ThreatIntel #Iran #CyberSecurity #Malware #DLLSideLoading #C2 #APT
#booking spread #rat via Python DllSideLoading 👇 pulse-accsreq150126.]com 👇 wilmypos.]com/chkproa 👇 unimaxtechnologies.]in/filellesszill.zip C2 ⛔️nisuwyyyqsafdas.]com Samples bazaar.abuse.ch/browse/tag/w… AnyRun app.any.run/tasks/07905b0b-9… cc @k3dg3 @500mk500 @skocherhan @1ZRR4H
#booking spread #Aotera > #asyncrat via Vlc DllSideLoading 👇 ⛔️admin-extranet-information.]com/?ref=889988 👇 ⛔️willyprosty.]com/bpyosuiq 👇 ⛔️bestcruisetravelinsurance.]com/maishywuqoskfa.zip ✅Samples bazaar.abuse.ch/browse/tag/b… cc @k3dg3 @500mk500 @skocherhan
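An APT believed to be Mustang Panda is distributing the LOTUSLITE backdoor through spear phishing aimed at U.S. policy organizations. It uses DLL sideloading for execution, C2 control, and persistence, aiming to build a foothold for long-term compromise. #CyberEspionage #APT #DLLsideloading thehackernews.com/2026/01/lo…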
🚨 AuraStealer Infostealer MaaS Uses TikTok “Scam-Yourself” Lures Heavy Anti-Analysis Obfuscation AuraStealer (MaaS) spreads via TikTok “free software activation” tutorials and other cracked-software lures, using multi-stage loaders and DLL sideloading to deploy a C infostealer targeting 110 browsers, crypto wallets, 2FA tools, and hundreds of extensions. It adds strong anti-analysis (geo-fencing CIS/Baltics, VM/process checks, exception-driven API hashing, indirect control-flow obfuscation, XOR string encryption, and checksum anti-tamper) to evade sandboxes and frustrate reverse engineering. 🕷️ Malware: AuraStealer 🎯 Target: Global/Windows Users #️⃣ Category: #AuraStealer #Infostealer #Malware #Windows #TikTok #DLLSideloading #AntiAnalysis #ThreatIntel 🔗 URL: cybersecuritynews.com/resear…
28 Dec 2025
1/2 #booking spam email spread #Aotera>#asyncrat via FileZilla DllSideLoading 👇 ⛔️booking.web-partner-app.]com/slgn-ln? 👇 2vbkb.]com/win/ ⛔️sm.ps1 ⛔️omic. zip 👇 ⛔️C2 setkapls77.]com:4455 setkapls88.]com:4455 setkapls99.]com:4455 ❇️Eset detected #Ransomware FileCoder. MF
7 Dec 2025
#fakecaptcha #booking #DllSideLoading Samples Collection Updated 👇 ❇️bazaar.abuse.ch/browse/tag/e… ⛔️extranet-info-book.]com 👇 ⛔️myotransy.]com/bqcngcapa 👇 ⛔️empowerhouseproject.]org/monstamanaq.]zip ✅AnyRun app.any.run/tasks/c467f31d-1… cc @k3dg3 @500mk500 @skocherhan