Summary: A Chinese-affiliated threat actor, ToddyCat, has exploited a security vulnerability in ESET software to deliver a new malware, TCESB, which stealthily executes payloads while bypassing established protective measures. The malware employs DLL Search Order Hijacking and abuses the legitimate Microsoft DLL “version.dll” to gain unauthorized access. ESET has patched the vulnerability, tracked as CVE-2024-11859, after its responsible disclosure, but the sophisticated payload delivery mechanism poses ongoing risks to vulnerable systems.
Affected: ESET security software, targeted entities in the Asia-Pacific region
Key points:
- TCESB is characterized by stealth and circumvention of monitoring tools, marking a notable evolution in ToddyCat’s attack methods.
- The vulnerability exploited (CVE-2024-11859) allows attackers with administrator privileges to execute malicious DLLs, posing a significant security threat.
- TCESB uses a vulnerable Dell driver to facilitate further exploitation and payload delivery, raising concerns about the recurring abuse of similar software vulnerabilities.
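The DLL Search Order Hijacking described above leaves a concrete artifact a defender can hunt for: a copy of version.dll sitting in an application directory rather than under the Windows system directories, next to an executable that loads it by bare name. The PowerShell script below is an added defensive example, not code from the article, from ESET or from the Kaspersky research it cites; the scan roots, the excluded system directories and the output fields are assumptions chosen for illustration, and the script does not know the specific paths the TCESB loader used.

```powershell
# Added example (not from the original article): hunt for copies of version.dll
# outside the Windows system directories and report their signature status.
# Scan roots and excluded directories are assumptions for this example.
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64'),
    (Join-Path $env:SystemRoot 'WinSxS')
)
$scanRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:ProgramData,
    (Join-Path $env:SystemDrive 'Users')
) | Where-Object { $_ -and (Test-Path $_) }

$findings = foreach ($root in $scanRoots) {
    Get-ChildItem -Path $root -Filter 'version.dll' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Drop hits that live under a legitimate system directory.
            $path = $_.FullName
            -not ($systemDirs | Where-Object { $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) })
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Executables in the same folder are the candidate hijack targets: they are
            # what would load a same-named version.dll by bare name.
            $neighbours = Get-ChildItem -Path $_.DirectoryName -Filter '*.exe' -File -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty Name
            [pscustomobject]@{
                Path            = $_.FullName
                SizeBytes       = $_.Length
                LastWriteUtc    = $_.LastWriteTimeUtc
                SHA256          = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                SignatureStatus = $sig.Status
                Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                ExeNeighbours   = ($neighbours -join ';')
            }
        }
}

# Unsigned copies, or copies signed by anyone other than Microsoft, go to the top of the
# review list; a Microsoft-signed copy outside the system directories is still unusual
# and worth checking against the installed product's expected file set.
$findings | Sort-Object SignatureStatus, Path | Format-Table -AutoSize
```

Run it from an elevated prompt so that protected product directories are readable; the hash column is there so a hit can be compared with the vendor's known-good file list or an internal allowlist rather than judged on filename alone.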
Source: https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html