Cybersecurity

Cyber: Hackers Use Linkedin Messages To Spread Rat Malware Through Dll...

2026-01-20 0 views admin
Cyber: Hackers Use Linkedin Messages To Spread Rat Malware Through Dll...

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT).

The activity delivers "weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script," ReliaQuest said in a report shared with The Hacker News.

The attack involves approaching high-value individuals through messages sent on LinkedIn, establishing trust, and deceiving them into downloading a malicious WinRAR self-extracting archive (SFX). Once launched, the archive extracts four different components -

The infection chain gets activated when the PDF reader application is run, causing the rogue DLL to be sideloaded. The use of DLL side-loading has become an increasingly common technique adopted by threat actors to evade detection and conceal signs of malicious activity by taking advantage of legitimate processes.

Over the past week, at least three documented campaigns have leveraged DLL side-loading to deliver malware families tracked as LOTUSLITE and PDFSIDER, along with other commodity trojans and information stealers.

In the campaign observed by ReliaQuest, the sideloaded DLL is used to drop the Python interpreter onto the system and create a Windows Registry Run key that makes sure that the Python interpreter is automatically executed upon every login. The interpreter's primary responsibility is to execute a Base64-encoded open-source shellcode that's directly executed in memory to avoid leaving forensic artifacts on disk.

The final payload attempts to communicate with an external server, granting the attackers persistent remote access to the compromised host and exfiltrating data of interest.

The abuse of legitimate open-source tools, coupled with the use of phishing messages sent on social media platforms, shows that phishing attacks are not confined to emails alone and that alternative delivery methods can exploit security gaps to increase the odds of success and break into corporate environments.

ReliaQuest told The Hacker News that the campaign appears to be broad and opportunistic, with activity spanning various sectors and regions. "That said, because this activity plays out in direct messages, and social media platforms are typically less monitored than email, it's difficult to quantify the full scale," it added.

"This approach allows attackers to bypass detection and scale

Source: The Hacker News

🏷️ Tags

cybersecuritysecurityhackmalwareattack

More from Cybersecurity

Cyber: Chainlit AI Framework Bugs Let Hackers Breach Cloud Environments

Cyber: Chainlit AI Framework Bugs Let Hackers Breach Cloud Environments

2026-01-21 0
Cyber: Cisco Fixes Unified Communications RCE Zero Day Exploited In Attacks

Cyber: Cisco Fixes Unified Communications RCE Zero Day Exploited In Attacks

2026-01-21 0
Cyber: New Android Malware Uses AI To Click On Hidden Browser Ads 2026

Cyber: New Android Malware Uses AI To Click On Hidden Browser Ads 2026

2026-01-21 0
Cyber: 'contagious Interview' Attack Now Delivers Backdoor Via Vs Code

Cyber: 'contagious Interview' Attack Now Delivers Backdoor Via Vs Code

2026-01-21 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views