Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion
Essential information
- Published: 20/06/2024 12:18
- Modified: 20/06/2024 14:41
- Tags: 2024-06-20 autoit3 cisco webex meetings app module pe payload service systems vt executed vt powershell vt sustained
- Related entities: 36 observables, 1 intrusion sets (apt), 15 techniques (mitre), 3 malware
Description
In March 2024, researchers at the Trellix Advanced Research Center uncovered a sophisticated and evasive attack campaign targeting users in Latin America and Asia Pacific through trojanized copies of the Cisco Webex Meetings App. The campaign used a stealthy malware loader, known as HijackLoader, and an information-stealing module identified as Vidar Stealer to siphon off credentials and sensitive data, leveraging legitimate processes to remain undetected.