<p>Well-known Chinese threat actors have been discovered abusing a flaw in a known antivirus application to deliver malware to selected targets in Japan.</p>
<p><img class="alignnone size-full wp-image-3387" src="https://www.wincert.net/wp-content/uploads/2019/11/hacker_pixabay.jpg" alt="" width="640" height="426" /></p>
<p>Cybersecurity researchers from Kaspersky Lab spotted Cicada (APT10) tricking employees at various Japanese organizations into downloading compromised versions of the K7Security Suite antivirus package.</p>
<p>Organizations that fall for the trick, including government agencies and media firms, end up with LODEINFO, a three-year-old malware implant that is, among other things, capable of executing PE files and shellcode, killing processes, and uploading and downloading files.</p>
<p>The malware is distributed through a technique known as DLL sideloading: the victim first downloads a fake K7Security Suite package. Interestingly, the installation executable itself isn&#8217;t malicious, but the installation folder usually carries a malicious K7SysMn1.dll.</p>
<p>K7SysMn1.dll is a genuine component of the K7Security Suite installation, and the setup program cannot distinguish the legitimate file from a malicious one carrying the same name.</p>
<p>Because the file is loaded by a legitimate, trusted security application, other security software probably won&#8217;t flag it as malicious.</p>
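<p>The following is an added example, not code from the article, from Kaspersky or from K7 Computing. It models the two halves of the problem described above: the loader searches the application's own directory before the system directories, so a DLL placed beside a trusted executable is the one that gets loaded, and a defender can catch such a file by hashing every DLL in the install folder and comparing it with a manifest of the vendor's genuine components. The folder names, file contents and manifest hashes are constructed for the demo; the search-order model is simplified to the rule that matters here.</p>

```python
"""Audit an application folder for DLLs that do not match a known-good manifest.

Added example (not from the article or from the K7Security Suite vendor):
shows why a same-named DLL dropped next to a legitimately signed executable
is the one that gets loaded, and how to spot it by hash comparison.
All paths, file contents and hashes are constructed for this demo.
"""
import hashlib
import tempfile
from pathlib import Path


def expected_load_path(dll_name, app_dir, system_dirs):
    """Return the path a Windows loader would pick for dll_name.

    Simplified model of the default search order: the application directory
    is consulted before any system directory, so a planted copy there wins.
    """
    for directory in [Path(app_dir)] + [Path(d) for d in system_dirs]:
        candidate = directory / dll_name
        if candidate.is_file():
            return candidate
    return None


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_install_dir(install_dir, manifest):
    """Flag DLLs whose hash is absent from, or differs from, the vendor manifest.

    manifest maps lower-cased DLL file names to the SHA-256 of the genuine file.
    Returns a list of (path, reason) findings; an empty list means all clean.
    """
    findings = []
    for path in sorted(Path(install_dir).rglob("*.dll")):
        name = path.name.lower()
        if name not in manifest:
            findings.append((str(path), "dll not in vendor manifest"))
        elif sha256_of(path) != manifest[name]:
            findings.append((str(path), "hash mismatch with vendor manifest"))
    return findings


def demo():
    """Build a constructed install folder with one tampered DLL and audit it."""
    tmp = Path(tempfile.mkdtemp())
    app = tmp / "K7Setup"        # where the fake installer package was unpacked
    sys32 = tmp / "System32"     # stand-in for the system directory
    app.mkdir()
    sys32.mkdir()

    genuine = b"MZ genuine K7 component (constructed stand-in)"
    tampered = b"MZ sideloaded payload (constructed stand-in)"

    # Genuine copy lives in the system directory; the tampered copy sits
    # beside the installer under the same file name.
    (sys32 / "K7SysMn1.dll").write_bytes(genuine)
    (app / "K7SysMn1.dll").write_bytes(tampered)
    (app / "K7Helper.dll").write_bytes(genuine)  # untouched vendor DLL

    # Constructed vendor manifest: hashes of the genuine files only.
    manifest = {
        "k7sysmn1.dll": hashlib.sha256(genuine).hexdigest(),
        "k7helper.dll": hashlib.sha256(genuine).hexdigest(),
    }

    loaded = expected_load_path("K7SysMn1.dll", app, [sys32])
    findings = audit_install_dir(app, manifest)
    return loaded, findings


if __name__ == "__main__":
    loaded, findings = demo()
    print("loader would pick:", loaded)
    for path, reason in findings:
        print("FINDING:", path, "-", reason)
```

<p>Run as a script it reports that the loader would pick the copy of K7SysMn1.dll under the application folder and lists that file as the single hash mismatch. In practice the manifest would come from the vendor's published file hashes or Authenticode signature checks rather than from a constructed dictionary, but the logic is the same: a DLL sitting beside a signed executable is only trustworthy if it matches what the vendor actually ships.</p>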
<p>Security researchers couldn&#8217;t determine how many organizations fell for the trick or what the actual goal of the campaign is, although cyber espionage is the most probable answer.</p>