Security News > 2023 > January > Hackers abuse Windows error reporting tool to deploy malware
Hackers are abusing the Windows Problem Reporting error reporting tool for Windows to load malware into a compromised system's memory using a DLL sideloading technique.
The use of this Windows executable is to stealthy infect devices without raising any alarms on the breached system by launching the malware through a legitimate Windows executable.
WerFault is the standard Windows error reporting tool used in Windows 10 and 11, allowing the system to track and report errors related to the operating system or applications.
Windows use the tool to report an error and receive potential solution recommendations.
The malicious DLL version in the ISO contains additional code to launch the malware.
Pupy RAT is an open-source and publicly available malware written in Python that supports reflective DLL loading to evade detection, and additional modules are downloaded later.
News URL
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)