Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware


The living-off-the-land binary (LOLBin) is anchoring a rash of cyber-attacks bent on evading security detection to drop Qbot and Lokibot.

LOLBins are legitimate, native utilities used daily in various computing environments that cybercriminals abuse to evade detection by blending into normal traffic patterns. In this case, Regsvr32 is a Microsoft-signed command line utility in Windows that allows users to register and unregister libraries. By registering a .DLL file, information is added to the central directory (the Registry) so that it can be used by Windows and shared among programs.

Malicious use of Regsvr32 has been cresting of late in the Uptycs telemetry, researchers warned, with cybercrooks specifically attempting to register.
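Because Regsvr32 is a signed, legitimate binary, detection has to rest on context rather than on the executable itself. The following is an added example (not code from the article or from Uptycs) of a simple triage heuristic run over constructed, Sysmon-style process-creation events; it flags regsvr32 launches spawned by an Office application or registering a module from a user-writable location, and treats the real `/s` (silent) switch only as a corroborating signal because installers use it legitimately.

```python
import re

# Constructed sample events with Sysmon-style fields (parent, image, cmdline); not real telemetry.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe C:\Program Files\Vendor\vendor.dll"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\alice\AppData\Local\Temp\abc123.dll"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\Public\update.ocx"},
    {"parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
]

# Parents that rarely have a legitimate reason to register COM servers.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Locations a standard user can write to; signed installers normally register from Program Files.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\appdata|users\\public|windows\\temp|programdata)\\", re.I)
SILENT_FLAG = re.compile(r"(^|\s)/s(\s|$)", re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return the reasons a regsvr32 launch looks suspicious; empty list if benign or not regsvr32."""
    if basename(ev["image"]) != "regsvr32.exe":
        return []
    reasons = []
    if basename(ev["parent"]) in OFFICE_PARENTS:
        reasons.append("spawned by Office application")
    if USER_WRITABLE.search(ev["cmdline"]):
        reasons.append("registers a module from a user-writable path")
    # /s alone is common in legitimate installs, so count it only alongside another signal.
    if reasons and SILENT_FLAG.search(ev["cmdline"]):
        reasons.append("silent flag (/s) suppresses the registration dialog")
    return reasons


def triage(events):
    """Pair each flagged command line with its reasons, dropping benign events."""
    return [(ev["cmdline"], r) for ev in events if (r := score_event(ev))]
```

Feeding real Sysmon Event ID 1 records into `score_event` only requires mapping ParentImage, Image and CommandLine onto the three keys used here.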

Read More: https://threatpost.com/cybercriminals-windows-utility-regsvr32-malware/178333/