DLL hijacking is an attack method used by threat actors to take advantage of the way Windows loads dynamic link libraries (DLLs).
During the launch of a Windows executable, it will look for any DLL dependencies present in the Windows search path. The program would instead load a malicious DLL and infect the computer if a threat actor creates a malicious DLL with the same name as one of the program’s necessary DLLs and retained it in the same folder as the executable.
QBot, also known as Qakbot, is a Windows malware that was initially a banking trojan but later emerged as a full-featured malware dropper. The malware is also utilized by renowned ransomware gangs like Black Basta, Egregor, and Prolock in order to gain initial access to corporate networks.
In July, security researcher ProxyLife found that threat actors were using the Windows 7 Calculator’s DLL hijacking vulnerability, in order to spread the QBot malware.
Meanwhile this week, ProxyLife reported that the threat actors have switched to utilizing a DLL hijacking flaw in the Windows10 Control Panel executable, namely control.exe.
Abusing the Windows Control Panel:&nb
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: