The rise of SILKLOADER, a new piece of malware that loads Cobalt Strike onto infected machines, is forcing threat actors to seek alternative options or concoct new ways to propagate the framework to evade detection. SILKLOADER joins other recently discovered loaders that incorporate Cobalt Strike components, such as KoboldLoader, MagnetLoader, and LithiumLoader. It overlaps with LithiumLoader in that both use DLL side-loading: they hijack a legitimate application so that it runs a separate, malicious dynamic link library (DLL). SILKLOADER achieves this via specially crafted libvlc.dll files that are dropped alongside a legitimate but renamed VLC media player binary (Charmap.exe).
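A defender-side check for the side-loading pattern described above, added here as an example and not taken from the original article or any vendor tooling: it correlates process-creation and image-load records and flags a renamed host binary that loads libvlc.dll from its own directory. The records are constructed and simplified, modeled on Sysmon Event ID 1 and Event ID 7 fields; the paths, GUIDs and the `vlc.exe` OriginalFileName value are assumptions.

```python
import ntpath

WATCHED_DLLS = {"libvlc.dll"}  # DLL name taken from the article

# Constructed sample records (not real telemetry). "guid" stands in for ProcessGuid.
EVENTS = [
    {"id": 1, "guid": "A1", "Image": r"C:\Users\bob\AppData\Local\Temp\Charmap.exe",
     "OriginalFileName": "vlc.exe"},   # assumed version-resource value for VLC
    {"id": 7, "guid": "A1", "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\libvlc.dll",
     "Signed": "false"},
    {"id": 1, "guid": "B2", "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "OriginalFileName": "vlc.exe"},
    {"id": 7, "guid": "B2", "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll",
     "Signed": "true"},
    {"id": 1, "guid": "C3", "Image": r"C:\Windows\System32\charmap.exe",
     "OriginalFileName": "charmap.exe"},
    {"id": 7, "guid": "C3", "ImageLoaded": r"C:\Windows\System32\gdi32.dll",
     "Signed": "true"},
]

def find_sideloads(events):
    """Return one finding per watched DLL load that looks side-loaded."""
    procs, findings = {}, []
    for ev in events:
        if ev["id"] == 1:                               # process creation
            procs[ev["guid"]] = ev
        elif ev["id"] == 7 and ev["guid"] in procs:     # image load
            proc = procs[ev["guid"]]
            dll_dir, dll_name = ntpath.split(ev["ImageLoaded"])
            if dll_name.lower() not in WATCHED_DLLS:
                continue
            exe_dir, exe_name = ntpath.split(proc["Image"])
            reasons = []
            # On-disk name differs from the name embedded in the PE version resource.
            if exe_name.lower() != proc["OriginalFileName"].lower():
                reasons.append("host binary renamed")
            if ev["Signed"].lower() != "true":
                reasons.append("DLL unsigned")
            # Side-loading relies on the DLL sitting next to the host executable.
            if reasons and dll_dir.lower() == exe_dir.lower():
                findings.append({"image": proc["Image"],
                                 "dll": ev["ImageLoaded"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_sideloads(EVENTS):
        print(finding)
```

The genuine VLC install and the real charmap.exe in the sample produce no finding, because neither is renamed and the DLLs they load are signed.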