Threat actors are actively exploiting the Windows Problem Reporting tool (WerFault.exe) to load malware into a compromised system's memory using a DLL sideloading technique, according to researchers at K7 Security Labs.
Abusing a legitimate Windows executable allows attackers to infect devices without raising any alarms. This particular attack is reportedly delivered via an email that contains an ISO attachment. The malware downloaded in this campaign is the Pupy Remote Access Trojan (RAT), which gives threat actors full access to infected devices, enabling them to execute commands, steal data, install further malware, or spread laterally through a network. As an open-source tool, it has been used by several state-backed groups, including the Iranian APT33 and APT35. Likewise, QBot operators were observed using a similar attack chain last summer, exploiting the Windows Calculator to evade detection by security software. Read more at BleepingComputer.
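A defender's first check for this kind of sideloading is whether WerFault.exe is running from, or loading DLLs from, anywhere other than the Windows system directories. The following is an added detection example, not code from K7 Security Labs or the report above; it assumes Sysmon Event ID 7 (ImageLoad) records flattened to `key=value` fields, and the sample lines are constructed.

```python
"""Flag DLL sideloading through WerFault.exe in Sysmon image-load events.

Added example; the event lines below are constructed, not captured from
the campaign. Assumes Sysmon Event ID 7 flattened to key=value fields.
"""
from pathlib import PureWindowsPath

# Directories from which WerFault.exe and its DLLs are legitimately loaded.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
                r"c:\windows\winsxs")

SAMPLE_EVENTS = [  # constructed Sysmon Event ID 7 lines
    r"EventID=7 Image=C:\Windows\System32\WerFault.exe ImageLoaded=C:\Windows\System32\faultrep.dll Signed=true",
    r"EventID=7 Image=D:\invoice\WerFault.exe ImageLoaded=D:\invoice\faultrep.dll Signed=false",
    r"EventID=7 Image=C:\Windows\System32\WerFault.exe ImageLoaded=C:\Users\Public\wer.dll Signed=false",
    r"EventID=7 Image=C:\Windows\System32\notepad.exe ImageLoaded=C:\Windows\System32\kernel32.dll Signed=true",
]

def parse_event(line):
    """Split 'k=v k=v ...' into a dict (values here contain no spaces)."""
    return dict(tok.split("=", 1) for tok in line.split())

def in_trusted_dir(path):
    """True if the file's directory is one of the Windows system directories."""
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in TRUSTED_DIRS)

def find_werfault_sideloads(lines):
    """Return (image, dll, reason) for each suspicious WerFault.exe image load."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "7":
            continue
        image, dll = ev["Image"], ev["ImageLoaded"]
        if PureWindowsPath(image).name.lower() != "werfault.exe":
            continue
        if not in_trusted_dir(image):
            # A copy of the system binary on another volume (e.g. a mounted ISO).
            findings.append((image, dll, "WerFault.exe running outside system directories"))
        elif not in_trusted_dir(dll):
            # Genuine binary, but it resolved a DLL from a writable, non-system path.
            findings.append((image, dll, "WerFault.exe loaded a DLL from a non-system path"))
    return findings

if __name__ == "__main__":
    for finding in find_werfault_sideloads(SAMPLE_EVENTS):
        print(*finding)
```

The same two conditions map directly onto a SIEM rule over Sysmon event 7, with the trusted-directory list tuned to the host's actual Windows path.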