Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection

Chinese hackers are exploiting the Windows Installer (MSI) format to bypass security scans using stealth tactics, according to researchers from Cyberint. The attackers' software loader, named UULoader, is primarily circulated through phishing emails and poses as an entry mechanism for sites like Google Chrome. This emerging trend uses file headers and evasion mechanisms to bypass existing security precautions and has yet to raise suspicions among users.
Source: www.darkreading.com