Criminals hijack antivirus software to deliver malware
A known Chinese threat actor has been found abusing a DLL sideloading weakness in a well-known antivirus product's installer to deliver malware to high-profile targets in Japan.
Cybersecurity researchers at Kaspersky recently spotted Cicada, also known as APT10, tricking employees at various organizations in Japan, from media firms to government agencies, into downloading a tampered copy of K7 Computing's K7Security Suite.
Those who fall for the trick end up infected with LODEINFO, a three-year-old malware family capable of executing PE files and shellcode, uploading and downloading files, killing processes, and sending file listings back to its operators, among other things.
DLL sideloading
The malware is being distributed through a technique known as DLL sideloading. First, the victim is led to a fake K7Security Suite download page and downloads the software from there. The installation executable itself is not malicious: it is the genuine antivirus installer. However, the same fol