
WordDrone focuses on companies in Taiwan, particularly those involved in the drone manufacturing industry.

DLL side-loading is a technique that exploits how Windows applications load libraries.


This use of DLL side-loading makes it difficult for traditional security tools to detect the attack.

This tactic allows the malware to evade detection by security systems that fully trust signed binaries.
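As an added example (not from the original article or the research it summarises), the sketch below shows one way to avoid trusting a signed binary wholesale: evaluate the signature of each loaded module, not just the host executable. The records are constructed and use Sysmon Event ID 7 (ImageLoad) field names; all paths and file names are hypothetical.

```python
import ntpath  # Windows path semantics on any OS

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

def _ev(image, loaded, signed, status):
    return {"Image": image, "ImageLoaded": loaded,
            "Signed": signed, "SignatureStatus": status}

# Constructed sample records; paths and names are made up for illustration.
APP = r"C:\ProgramData\Vendor\app.exe"
TOOL = r"C:\Program Files\Other\tool.exe"
SAMPLE_EVENTS = [
    _ev(APP, APP, "true", "Valid"),                                # signed host
    _ev(APP, r"C:\ProgramData\Vendor\helper.dll", "false", "Unavailable"),
    _ev(APP, r"C:\Windows\System32\kernel32.dll", "true", "Valid"),
    _ev(TOOL, TOOL, "true", "Valid"),                              # signed host
    _ev(TOOL, r"C:\Program Files\Other\plugin.dll", "true", "Valid"),
]

def _trusted(ev):
    """True when the loaded image carries a signature that validated."""
    return ev["Signed"].lower() == "true" and ev["SignatureStatus"] == "Valid"

def find_sideload_candidates(events):
    """Return (host, module) pairs where a validly signed executable loads an
    unsigned or invalidly signed DLL from its own, non-system directory."""
    norm = ntpath.normcase
    # The event for a process's own image tells us whether the host is signed.
    signed_hosts = {norm(e["Image"]) for e in events
                    if norm(e["Image"]) == norm(e["ImageLoaded"]) and _trusted(e)}
    system_prefixes = tuple(d + "\\" for d in SYSTEM_DIRS)
    hits = []
    for e in events:
        host, mod = norm(e["Image"]), norm(e["ImageLoaded"])
        if mod == host or not mod.endswith(".dll"):
            continue
        same_dir = ntpath.dirname(mod) == ntpath.dirname(host)
        in_system = mod.startswith(system_prefixes)
        if host in signed_hosts and same_dir and not in_system and not _trusted(e):
            hits.append((e["Image"], e["ImageLoaded"]))
    return hits

if __name__ == "__main__":
    for host, module in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"review: {host} loaded untrusted module {module}")
```

Hits are candidates for review rather than verdicts, since legitimate software also ships unsigned DLLs beside signed executables.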

Once the attack is triggered, a series of malicious actions unfold.

The final stage of the attack begins with two important tasks.

First, the malware performs NTDLL unhooking, a technique used to remove potential hooks placed by security software.

This effectively disables the ability of security software to detect or prevent further malicious activity.

The configuration for C2 communication is embedded in the malware and follows a time-based schedule.

Once communication is established, the malware could receive additional commands or payloads from the C2 server.

The custom binary format used in the communication made it more difficult to detect and analyze the traffic.
