An advanced persistent threat actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism.
The latest campaigns add a twist in which a first-stage clean application side-loads a second clean application and auto-executes it.
This double-clean-app technique, targeting a user sector that has traditionally been less scrutinized by security researchers, represents the continued vitality of this approach.
Szappanos describes the Dragon Breath group’s attack as employing a technique called DLL side-loading, which allows two clean applications to side-load a malicious DLL.
It was first introduced in Windows products in 2010 but is prevalent across multiple platforms, he says.
DLL sideload is a technique that allows an attacker to load two legitimate applications into one .