APT-Grade PDFSider Malware Used by Ransomware Groups

A new malware family called PDFSider is being used in targeted attacks, including by multiple ransomware groups, to deploy advanced backdoors and evade detection. The malware abuses legitimate, signed applications as its host process and combines DLL sideloading with environmental checks to carry out cyberespionage and remote code execution while staying under the radar of endpoint defenses. #PDFSider #MustangPanda #DLLSideloading #Cyberespionage

Key points

  • PDFSider is a stealthy malware that talks to its command-and-control infrastructure over an encrypted channel and supports cyberespionage and remote code execution.
  • The malware is sideloaded by legitimate software such as PDF24 Creator, which is delivered alongside the malicious DLL in spear-phishing campaigns.
  • Both APT groups and cybercriminals are adopting DLL sideloading, because code running inside a trusted, signed process is far less likely to be flagged by security tooling.
  • Mustang Panda used DLL sideloading together with a custom backdoor called LotusElite in campaigns targeting US government entities.
  • Many malware families, including AgentTesla and Vidar, now use DLL sideloading for persistence and privilege escalation.

Read More: https://www.securityweek.com/apt-grade-pdfsider-malware-used-by-ransomware-groups/