Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns Against Latin America
Alessio Di Santo

TL;DR
This paper analyzes a sophisticated DLL side-loading malware campaign targeting Latin America, which uses deception and multi-stage infection to steal sensitive data and establish persistence, highlighting its threat to regional cybersecurity.
Contribution
It uncovers the mechanisms of the BlotchyQuasar RAT campaign, detailing its DLL hijacking technique, infection process, and malicious capabilities, emphasizing its rapid development and regional impact.
Findings
Uses DLL side-loading to bypass security defenses
Steals browser credentials and banking info
Establishes persistence via registry modifications
Abstract
A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack leverages DLL side-loading, where a legitimate executable from Valve Corporation is used to load a trojanized DLL, thereby bypassing standard security defenses. Once active, the malware, a variant of QuasarRAT known as BlotchyQuasar, is capable of a wide range of malicious activities. It is designed to steal sensitive browser-stored credentials and banking information, the latter through fake login windows mimicking well-known Brazilian banks. The threat establishes persistence by modifying the Windows registry, captures user keystrokes through keylogging, and exfiltrates stolen data to a…
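As an added example that is not part of the paper, the following Python heuristic flags the side-loading pattern the abstract describes: a signed, legitimate executable loading an unsigned (or differently signed) DLL from its own directory. The records are constructed in the shape of Sysmon Event ID 7 (image load) fields; all paths and publisher names are made-up placeholders, not indicators from the campaign.

```python
from dataclasses import dataclass
import ntpath

# Directories where the Windows loader normally resolves system DLLs; loads
# from here are not treated as side-loading candidates.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass
class ImageLoad:
    """One image-load event (Sysmon Event ID 7). Signers are "" when unsigned."""
    process_image: str   # Sysmon "Image": path of the executable
    image_loaded: str    # Sysmon "ImageLoaded": path of the DLL it loaded
    process_signer: str  # publisher that signed the executable
    dll_signer: str      # publisher that signed the DLL


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """True when a signed EXE loads a DLL beside itself that it did not sign."""
    dll_dir = ntpath.dirname(ev.image_loaded).lower()
    exe_dir = ntpath.dirname(ev.process_image).lower()
    if dll_dir in SYSTEM_DIRS:
        return False
    if dll_dir != exe_dir:
        # Classic side-loading relies on the DLL sitting next to the host EXE;
        # hijacks via other search-order directories need a separate rule.
        return False
    if not ev.process_signer:
        # An unsigned host executable is a different detection problem.
        return False
    return ev.dll_signer.lower() != ev.process_signer.lower()


def find_sideload_candidates(events):
    return [e for e in events if is_sideload_candidate(e)]


# Constructed sample events (placeholder paths and signers, not real IoCs).
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Users\victim\AppData\Local\Temp\pkg\launcher.exe",
              r"C:\Users\victim\AppData\Local\Temp\pkg\helper.dll",
              "Example Publisher", ""),            # signed EXE, unsigned DLL beside it
    ImageLoad(r"C:\Users\victim\AppData\Local\Temp\pkg\launcher.exe",
              r"C:\Windows\System32\kernel32.dll",
              "Example Publisher", "Microsoft Windows"),  # system DLL, benign
    ImageLoad(r"C:\Program Files\Vendor\app.exe",
              r"C:\Program Files\Vendor\app_core.dll",
              "Vendor Inc", "Vendor Inc"),         # same publisher, benign
]
```

Run over real Sysmon exports, the hit list is a triage queue rather than a verdict: vendors that ship third-party-signed DLLs will also appear and need an allowlist.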
