
Hacking group abuses antivirus software to launch LODEINFO malware
2022-10-31 15:34

The Chinese Cicada hacking group, tracked as APT10, was observed abusing security software to install a new version of the LODEINFO malware against Japanese organizations.

The cybersecurity company has published two reports, one illustrating APT10's new infection chain techniques and a second focusing on the evolution of LODEINFO.

Abusing security software

If the malicious DLL is stored in the same folder as the legitimate executable, the executable will load the malicious DLL, which contains the LODEINFO malware, when it is launched.

As the malware is side-loaded using a legitimate security application, other security software may not detect it as malicious.
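The side-loading setup described above relies on the Windows loader searching an application's own folder before the system directory, so a DLL dropped next to a legitimate executable is picked up in place of the real one. The following is an added example (not code from the article or from any vendor) of a simple hunt heuristic a defender can run over a file system: for every folder that contains an executable, flag DLLs whose file names collide with DLLs that normally live in System32. The set of system DLL names and the staged directory tree are constructed for the example; on a real host you would enumerate the system directory and scan the real application folders.

```python
"""
Hunt heuristic for DLL side-loading candidates (added example, not from the
article or from any vendor's tooling). A DLL sitting in the same folder as an
executable, whose file name collides with a DLL that normally lives in the
Windows system directory, is a classic side-loading setup: the loader searches
the application directory before System32, so the local copy wins.

Assumptions (constructed for this example):
  - the set of "system DLL names" is passed in explicitly; on a real host you
    would enumerate %SystemRoot%\\System32 and pass those names;
  - the directory tree scanned is a staged layout built in a temp dir.
"""
import os
import tempfile
from pathlib import Path


def find_sideload_candidates(root, system_dll_names):
    """Walk `root`; for every folder containing at least one .exe, report .dll
    files whose names match a known system DLL name (case-insensitive).
    Returns a sorted list of (exe_dir, dll_name) tuples."""
    wanted = {n.lower() for n in system_dll_names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        lower = [f.lower() for f in files]
        if not any(f.endswith(".exe") for f in lower):
            continue  # no host executable here, nothing to side-load into
        for f in lower:
            if f.endswith(".dll") and f in wanted:
                hits.append((dirpath, f))
    return sorted(hits)


def build_staged_tree():
    """Create a constructed directory layout that mimics the scenario in the
    article: a legitimate-looking executable next to a DLL whose name
    collides with a system DLL. Returns the temp root path as a string."""
    root = Path(tempfile.mkdtemp(prefix="sideload_demo_"))
    app = root / "SomeVendorAV"  # hypothetical application folder
    app.mkdir()
    (app / "scanner.exe").write_bytes(b"MZ")       # placeholder bytes, not a real PE
    (app / "version.dll").write_bytes(b"MZ")       # name collides with a system DLL
    (app / "scanner_core.dll").write_bytes(b"MZ")  # vendor-specific name, not flagged
    docs = root / "docs"
    docs.mkdir()
    (docs / "version.dll").write_bytes(b"MZ")      # no .exe beside it; not a candidate
    return str(root)


# Constructed stand-in for the DLL names found in %SystemRoot%\System32.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "userenv.dll", "wtsapi32.dll"}


if __name__ == "__main__":
    demo_root = build_staged_tree()
    for exe_dir, dll in find_sideload_candidates(demo_root, SYSTEM_DLL_NAMES):
        print(f"side-load candidate: {dll} next to an executable in {exe_dir}")
```

Treat a hit as a triage signal rather than a verdict: some vendors legitimately ship a private copy of a system DLL beside their executable, so confirm each candidate by checking its Authenticode signature and hash against the vendor's release before escalating.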

New LODEINFO

The malware authors released six new versions of LODEINFO in 2022, the latest being v0.6.7, released in September 2022.

At the end of 2021, with the release of LODEINFO v0.5.6, APT10 added multiple C2 communication encryption layers using a Vigenère cipher key in combination with randomly generated junk data.


News URL

https://www.bleepingcomputer.com/news/security/hacking-group-abuses-antivirus-software-to-launch-lodeinfo-malware/