Windows Error Reporting Tool Utilized By Hackers To Distribute Malware

Hackers have recently been using the Windows Problem Reporting tool (WerFault.exe) to deploy malware into compromised systems. This error reporting tool is a built-in feature in Windows that sends crash reports to Microsoft in order to help the company improve its products. However, hackers have figured out a way to abuse this tool and use it to their advantage.

DLL sideloading, the method these hackers employed, means placing a malicious copy of a DLL in the same directory as the executable that calls it. As long as the two DLLs share the same name, Windows will load the malicious copy before the legitimate version. This means that the malicious DLL will be loaded into the system’s memory, allowing the hackers to deploy their malware.
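A defender can look for this pattern in image-load telemetry. The following is an added example, not code from the original article or from K7 Security Labs: it classifies constructed events (the field names `image` and `loaded`, the directory list and all sample paths are assumptions) and flags a WerFault.exe that runs outside the Windows system directories and loads a DLL from its own folder.

```python
import ntpath

# Assumption: the genuine WerFault.exe lives only in these directories.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def _folder(path):
    """Lower-cased parent directory of a Windows path."""
    return ntpath.dirname(ntpath.normpath(path)).lower()


def classify(event, exe_name="werfault.exe"):
    """Classify one image-load event as 'ok', 'relocated-exe' or 'sideload'."""
    if ntpath.basename(event["image"]).lower() != exe_name:
        return "ok"  # some other process, out of scope for this check
    exe_dir = _folder(event["image"])
    if exe_dir in SYSTEM_DIRS:
        return "ok"  # executable is in its expected location
    # The executable was copied elsewhere. A DLL loaded from that same folder
    # matches the sideloading pattern: it sits beside the executable that calls it.
    if _folder(event["loaded"]) == exe_dir:
        return "sideload"
    return "relocated-exe"


def triage(events):
    """Return (verdict, image, loaded) for every event that is not 'ok'."""
    results = []
    for ev in events:
        verdict = classify(ev)
        if verdict != "ok":
            results.append((verdict, ev["image"], ev["loaded"]))
    return results


# Constructed sample events, loosely shaped like "image loaded" records.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WerFault.exe", "loaded": r"C:\Windows\System32\kernel32.dll"},
    {"image": r"C:\Users\Public\Docs\WerFault.exe", "loaded": r"C:\Users\Public\Docs\example.dll"},
    {"image": r"C:\Users\Public\Docs\WERFAULT.EXE", "loaded": r"C:\Windows\System32\kernel32.dll"},
    {"image": r"C:\Windows\System32\notepad.exe", "loaded": r"C:\Temp\example.dll"},
]

if __name__ == "__main__":
    for verdict, image, loaded in triage(SAMPLE_EVENTS):
        print(f"{verdict:14} {image} -> {loaded}")
```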

In this particular campaign, the hackers have been using the Pupy Remote Access Trojan (RAT), which allows them to remotely control the compromised system. 

Because open-source tools make attribution and persistent operation harder to trace, they have been employed by a number of state-backed espionage actors, including the Iranian APT33 and APT35 groups. Last summer, QBot malware distributors were observed adopting a similar attack strategy, making use of the Windows Calculator to avoid detection by security tools.

Once the RAT’s DLL is loaded into memory, the hackers can perform a variety of actions, such as stealing sensitive information, installing additional malware, or even using the compromised system as part of a botnet for further attacks.

The campaign was discovered by K7 Security Labs, although it is unclear who the hackers are or where they are based. However, it is believed that the group responsible for this attack is located in China.

Users need to be aware of this type of attack and take steps to protect themselves. This includes keeping their systems and software up to date, avoiding suspicious emails and websites, and using a reputable antivirus program. Also, do not forget to regularly scan for and remove any malware that may already be present on the system.

Posted by
Angello Mathews

Angello Mathews is a technical content writer with expertise in the field of science & technology. She has a very good academic and professional profile. When she is not writing, she can be seen travelling around the world.
