#DLLHijacking
infovistar · 6 months ago
Fake Google Chrome Spreads ValleyRAT Malware via DLL Hijack
Cybercriminals are using fake Chrome websites to distribute ValleyRAT malware through DLL hijacking. This malware targets high-value financial, accounting, and sales roles, aiming to steal sensitive data.
Here’s what you need to know:
⚠️ The attack starts with a fake Chrome installer.
⚠️ It downloads multiple payloads, including a rogue DLL.
⚠️ Once infected, the malware can log keystrokes, monitor screens, and steal valuable information.
🔒 How to Stay Safe:
✅ Download software only from official sources.
✅ Use updated antivirus software.
✅ Avoid clicking on suspicious links or pop-ups.
Read the full story and learn how to protect yourself from these threats https://infovistar.in/fake-google-chrome-spreads-valleyrat-malware-via-dll-hijack/
1 note
hackgit · 4 years ago
Invoke-WinSATBypass
This script will create a mock directory of "C:\Windows\System32" and copy a legitimate Windows application (WinSAT.exe) into it. It will then try to download a DLL called version.dll, which is loaded by default by WinSAT.exe, in order to perform a #UACBypass by doing some #DLLHijacking. There is a pre-compiled DLL in the project folder that will only launch a CMD instance as Administrator. If you want to execute any other payload (reverse-shell, user add-on, etc...), you will need to compile a DLL yourself and serve it on your local web server.
https://github.com/b4keSn4ke/Invoke-WinSATBypass
Demo: https://github.com/b4keSn4ke/Invoke-WinSATBypass/blob/main/img/demo.gif
GitHub - b4keSn4ke/Invoke-WinSATBypass: Powershell UAC Bypass script leveraging WinSAT.exe
0 notes
mrhackerco · 5 years ago
Faxhell – A Bind Shell Using The Fax Service And A DLL Hijack | MrHacker.Co #bind #bindshell #dll #dllhijack #fax #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker
0 notes
hacknews · 5 years ago
Realtek Patched DLL Hijacking Vulnerability In HD Audio Driver #arbitrarycodeexecution #arbitraryfileupload #bug #dll #dllhijack #dllhijacking #dynamiclinklibraries #flaw #realtek #realtekhdaudiodriver #realtekhdaudiodrivervulnerability #remotecodeexecution #vulnerability #hacking #hacker #cybersecurity #hack #ethicalhacking #hacknews
0 notes
mrhackerco · 5 years ago
UsoDllLoader – Weaponizing Privileged File Writes With The Update Session Orchestrator Service | MrHacker.Co #dllhijacking #file #microsoft #orchestrator #privileged #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker
0 notes
mrhackerco · 5 years ago
EvilDLL – Malicious DLL (Reverse Shell) Generator For DLL Hijacking | MrHacker.Co #dll #dllhijacking #evildll #generator #hijacking #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker
0 notes
pentesttoolz · 5 years ago
UsoDllLoader - Weaponizing Privileged File Writes With The Update Session Orchestrator Service
UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service #DllHijacking
2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although it still works on the mainstream version of Windows 10, you should expect it to be patched in the coming months.
Description
This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative…
0 notes
pentesttoolz · 5 years ago
EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking
EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking #dll #DllHijacking #EvilDLL #generator #hijacking
Read the license before using any part from this code 🙂
Malicious DLL (Win Reverse Shell) generator for DLL Hijacking
Features:
Reverse TCP Port Forwarding using Ngrok.io
Custom Port Forwarding option (LHOST,LPORT)
Example of DLL Hijacking included (Half-Life Launcher file)
Tested on Win7 (7601), Windows 10
Requirements:
Mingw-w64 compiler: apt-get install mingw-w64
Ngrok…
0 notes