DLL side-loading
-
MuddyWater campaign hit at least nine organizations across four continents, researchers say
MuddyWater was linked to a 2026 campaign that hit at least nine organizations in nine countries. Researchers said the group used DLL side loading, signed binaries and browser-stealing malware to support espionage.
-
Mustang Panda-linked LOTUSLITE variant targets India banking sector
A new LOTUSLITE malware variant has been spotted in a campaign aimed at India’s banking sector, with related lures also tied to South Korean and U.S. policy communities.
-
UAT-10362 targets Taiwanese NGOs with Lua malware in spear-phishing campaign
A previously undocumented threat cluster called UAT-10362 has targeted Taiwanese NGOs and suspected universities with spear-phishing emails carrying Lua-based malware, according to Cisco Talos. The campaign uses DLL side-loading, geofencing and layered dropper tools.
-
LinkedIn messages used to deliver RAT via DLL sideloading
A LinkedIn phishing campaign delivers a WinRAR SFX that sideloads a malicious DLL and installs a Python interpreter which runs Base64 in-memory shellcode to deploy a remote access trojan and exfiltrate data.
-
PDFSider backdoor deployed on Fortune 100 finance firm network
A Resecurity technical analysis found PDFSider, a Windows backdoor, was used to deliver ransomware on a Fortune 100 finance firm’s network. The malware uses DLL side-loading, memory-only execution, DNS exfiltration, and AES-256-GCM encryption.
-
LOTUSLITE backdoor used in campaign targeting U.S. policy entities
Researchers disclosed a campaign on January 16, 2026 that used Venezuela-themed lures to deliver the LOTUSLITE backdoor to U.S. government and policy organizations via ZIP archive and DLL side-loading. Attribution is to Mustang Panda with moderate confidence.
-
Report finds DLL side-loading attack using GitKraken ahost.exe spreads trojans and stealers
A Trellix report says attackers exploit DLL side-loading in a utility tied to the c-ares library to deliver multiple trojans and stealers to employees in commercial and industrial sectors using invoice themed lures in several languages.
-
China-linked Tick group exploits Lanscope flaw to deploy Gokcpdoor backdoor
A critical Lanscope Endpoint Manager flaw (CVE-2025-61932, CVSS 9.3) has been exploited by the Tick espionage group to deploy a Gokcpdoor backdoor and other tooling, with JPCERT/CC confirming active abuse and researchers advising prompt patching and review of internet-exposed servers.
-
China-linked Salt Typhoon exploited Citrix to target European telecom, Darktrace says
Security firm Darktrace reported that a European telecommunications organisation was targeted in July 2025 by a China-linked group known as Salt Typhoon, which exploited a Citrix NetScaler Gateway to gain access and deployed Snappybee via DLL side-loading; the activity was detected and remediated and the victim was not named.
-
Confucius-linked phishing in Pakistan used WooperStealer and Anondoor, researchers say
Researchers say the Confucius hacking group targeted Pakistani users with phishing lures that delivered WooperStealer and, in later attacks, a Python backdoor called Anondoor; Fortinet and K7 Security Labs described the techniques and capabilities but did not disclose victim counts.
