Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed an active malware campaign exploiting a DLL side-loading vulnerability in a signed GitKraken binary to deliver a wide range of commodity trojans and stealers. The campaign targets employees in finance, procurement, supply chain, and administration roles within commercial and industrial sectors, using lures written in multiple languages. The attack involves placing a malicious version of the DLL in the same directory as the vulnerable binary to execute rogue code, bypassing traditional security defenses. Additionally, Trellix reported a surge in Facebook phishing scams using the Browser-in-the-Browser technique to deceive users into entering their credentials.
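A detection sketch for the side-loading pattern described above, added here as an example and not taken from the disclosed research: it flags module loads where a signed host executable running from a user-writable directory loads an untrusted DLL from its own folder. Field names are modelled on Sysmon Event ID 7 (Image, ImageLoaded, Signed, Signature, SignatureStatus); `ImageSignature` is a hypothetical enrichment field holding the host process's signer, and all paths and names are constructed placeholders.

```python
from ntpath import dirname, normcase

# Assumed markers for user-writable locations where a signed application
# would not normally be installed; tune for your environment.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\users\\public\\")

def is_suspect_sideload(event):
    """True when a signed host loads an unsigned, invalidly signed or
    differently signed DLL from its own directory in a user-writable path."""
    image = normcase(event["Image"])
    loaded = normcase(event["ImageLoaded"])
    if not loaded.endswith(".dll"):
        return False
    same_dir = dirname(image) == dirname(loaded)
    host_signed = bool(event.get("ImageSignature"))  # hypothetical enrichment
    dll_trusted = (event.get("Signed") == "true"
                   and event.get("SignatureStatus") == "Valid"
                   and event.get("Signature") == event.get("ImageSignature"))
    user_writable = any(marker in image for marker in USER_WRITABLE)
    return same_dir and host_signed and not dll_trusted and user_writable

def flag_events(events):
    """Return the loaded-module paths that match the side-loading pattern."""
    return [e["ImageLoaded"] for e in events if is_suspect_sideload(e)]

# Constructed sample events (placeholder names, not indicators from the campaign).
SAMPLE_EVENTS = [
    # Installed application loading its own vendor-signed DLL: benign.
    {"Image": r"C:\Program Files\ExampleApp\host.exe", "ImageSignature": "Example Vendor",
     "ImageLoaded": r"C:\Program Files\ExampleApp\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid", "Signature": "Example Vendor"},
    # Signed host unpacked into Downloads beside an unsigned DLL: flagged.
    {"Image": r"C:\Users\alice\Downloads\invoice\host.exe", "ImageSignature": "Example Vendor",
     "ImageLoaded": r"C:\Users\alice\Downloads\invoice\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable", "Signature": ""},
    # Same host loading a system DLL from another directory: benign.
    {"Image": r"C:\Users\alice\Downloads\invoice\host.exe", "ImageSignature": "Example Vendor",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid", "Signature": "Microsoft Windows"},
    # Portable copy in Downloads whose DLL carries the host's valid signer: benign.
    {"Image": r"C:\Users\bob\Downloads\portable\host.exe", "ImageSignature": "Example Vendor",
     "ImageLoaded": r"C:\Users\bob\Downloads\portable\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid", "Signature": "Example Vendor"},
]

if __name__ == "__main__":
    for path in flag_events(SAMPLE_EVENTS):
        print("suspect side-load:", path)
```

The signer comparison is what separates this from a plain "unsigned DLL" rule: a DLL validly signed by an unrelated publisher sitting next to the host is still flagged.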