Lazarus’s Latest Weapons: Wslink Loader and WinorDLL64 Backdoor

Cyberattacks have become increasingly advanced, and one of the most dangerous threats that companies face today is the backdoor. A backdoor is a type of malware that gives attackers unauthorized access to a system, letting them steal important information, interrupt operations, and compromise security. One such backdoor that surfaced recently is WinorDLL64, linked with the North Korean hacking group Lazarus.

What is Wslink and WinorDLL64?

ESET researchers have found one of the payloads of the Wslink downloader, which experts previously discovered in 2021. The payload is called WinorDLL64 based on its filename. Wslink, a loader for Windows binaries, differs from other loaders in that it runs as a server and executes retrieved modules in memory.

As the name suggests, a loader serves as a tool to launch the payload, or malware, on the infected system. Experts haven’t yet identified the initial Wslink compromise vector. WinorDLL64 is delivered by the Wslink malware downloader. These tools may be linked with the infamous North Korea-based APT group Lazarus.

About WinorDLL64?

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
