Cybersecurity researchers have uncovered a new social media-based phishing campaign that uses DLL sideloading and legitimate open-source tools to deploy remote access Trojans and maintain persistent access. The campaign highlights the growing threat of social media channels as attack surfaces for cybercriminals. #LOTUSLITE #PDFSIDER
Key points
- The campaign targets high-value individuals via LinkedIn messages to deliver malicious payloads.
- Attackers utilize DLL sideloading with open-source Python scripts to evade detection.
- The malware downloads components including a legitimate PDF reader, a malicious DLL, and a Python interpreter.
- Once infected, the system is configured for persistent remote access and data exfiltration.
- Social media messaging is increasingly exploited as an attack vector due to limited security monitoring.
Read More: https://thehackernews.com/2026/01/hackers-use-linkedin-messages-to-spread.html