Application abuses Windows Defender Executable to perform DLL Sideloading
During a routine threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) identified a fake Telegram website that masquerades as the legitimate site and downloads a malicious installer. This installer abuses the Windows Defender application to perform RAT operations. The figure below shows the fake Telegram website.
Figure 1 – Website Hosting Fake Telegram Download Page
The fake website redirects users to Tele…