Microsoft Windows 10 / 11 error reporting tool abused to run malware via DLL side-loading

Hackers have abused Windows Problem Reporting (WerFault.exe), an error reporting tool built into Microsoft Windows 10 and 11, to run malware in the memory of infected devices using DLL side-loading.

The attacker first launches the malware through a legitimate Windows executable file; the whole process does not trigger any warnings and thus covertly infects the device. K7 Security Labs was the first to discover this attack method.

The malware campaign begins with an email carrying an ISO attachment. When the user double-clicks the ISO file, it mounts itself as a new drive letter containing a legitimate copy of the Windows WerFault.exe executable, a DLL file (“faultrep.dll”), an XLS file (“File.xls”) and a shortcut file (“inventory & our specialties.lnk”).

The victim launches the infection chain by clicking on the shortcut file, which uses “scriptrunner.exe” to execute WerFault.exe. WerFault is the standard Windows error reporting tool used in Windows 10 and 11; it allows the system to track and report errors related to the operating system or applications.

Anti-virus tools usually trust WerFault because it is a legitimate Windows executable file signed by Microsoft, so launching it on a system will not usually trigger an alert to warn victims.

After WerFault.exe is launched, the malware uses a known DLL side-loading flaw to load the malicious “faultrep.dll” DLL contained in the ISO.

Normally, “faultrep.dll” is a legitimate Microsoft DLL in the C:\Windows\System32 folder that WerFault needs in order to run correctly; however, the malicious DLL version in the ISO contains additional code that is used to launch the malware.
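The chain described above leaves three observable mismatches: WerFault.exe running from a folder other than System32, scriptrunner.exe as its parent, and faultrep.dll loaded from outside System32. The following detection sketch is an added example, not code from K7 Security Labs or from the article; it assumes Sysmon-style process-creation (Event ID 1) and image-load (Event ID 7) records already parsed into dictionaries, and the sample events and the E: drive letter are constructed.

```python
import ntpath

# Directories where Windows keeps the genuine WerFault.exe and faultrep.dll.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def _dir(path):
    return ntpath.dirname(path).lower()

def _name(path):
    return ntpath.basename(path).lower()

def findings(event):
    """Return the reasons an event matches the chain described in the article."""
    reasons = []
    image = event.get("Image", "")
    # Event ID 1: process creation.
    if event["EventID"] == 1 and _name(image) == "werfault.exe":
        if _dir(image) not in TRUSTED_DIRS:
            reasons.append("WerFault.exe started from outside System32")
        if _name(event.get("ParentImage", "")) == "scriptrunner.exe":
            reasons.append("WerFault.exe started by scriptrunner.exe")
    # Event ID 7: image (DLL) load.
    loaded = event.get("ImageLoaded", "")
    if event["EventID"] == 7 and _name(loaded) == "faultrep.dll":
        if _dir(loaded) not in TRUSTED_DIRS:
            reasons.append("faultrep.dll loaded from outside System32")
    return reasons

# Constructed sample events; E: stands in for the drive letter of the mounted ISO.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\WerFault.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 1, "Image": r"E:\WerFault.exe",
     "ParentImage": r"C:\Windows\System32\ScriptRunner.exe"},
    {"EventID": 7, "Image": r"E:\WerFault.exe",
     "ImageLoaded": r"E:\faultrep.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\WerFault.exe",
     "ImageLoaded": r"C:\Windows\System32\faultrep.dll"},
]

def scan(events):
    """Return (index, reasons) for every event with at least one finding."""
    return [(i, r) for i, e in enumerate(events) if (r := findings(e))]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS):
        print(index, "; ".join(reasons))
```

The path checks key on location rather than on the file's signature, because the copy of WerFault.exe in the ISO is the genuine signed binary.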
