Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have uncovered an active malware campaign exploiting DLL side-loading vulnerabilities in open-source software to deploy various trojans and stealers, bypassing traditional security defenses. The attackers use trusted, signed utilities like GitKraken’s ahost.exe to gain access, targeting regional organizations with phishing schemes involving fake login pages and cloud infrastructure abuse. #DLLSideLoading #GitKraken #AsyncRAT #PhishingScams

Key Points

  • The campaign exploits DLL side-loading vulnerabilities in legitimate software to evade security controls.
  • Threat actors distribute malware such as Agent Tesla, CryptBot, and DCRat through disguised filenames and themes.
  • Targets include employees in finance, procurement, and industrial sectors across specific regions with multi-language lures.
  • Advanced phishing attacks use the Browser-in-the-Browser (BitB) technique and trusted cloud hosting to deceive users.
  • Cybercriminals leverage living-off-the-land techniques and open-source tools to maintain persistence and evade detection.

Read More: https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html