AhnLab Reports XLoader Malware Using DLL Side-Loading Technique

AhnLab identifies XLoader malware using DLL side-loading technique. The AhnLab Security Intelligence Center (ASEC) has reported the distribution of XLoader malware through a DLL side-loading attack, which involves placing a malicious DLL alongside a legitimate application, jarsigner, in the same directory. The attack utilizes two malicious files, jli.dll and concrt140e.dll, while the legitimate jarsigner.exe is disguised as Documents2012.exe. The malicious jli.dll executes threat actor functions, while concrt140e.dll serves as an encrypted payload that, once decrypted, is injected into another legitimate file for execution. This malware is designed to steal sensitive information and download additional malicious software. Users are advised to exercise caution when handling executable files distributed with other files.