New Persistence Method
The paper describes a Windows persistence method that abuses a weak signature validation path in OneDrive support binaries and DLL search behavior. The method focuses on a user-level hijack of FileCoAuthLib64.dll so that a malicious DLL executes under FileCoAuth.exe, launched indirectly by svchost.exe, without any signature check.

Targeted components and design weakness

DarkBit focuses…
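
A detection sketch for the hijack summarized above, added here as an example and not taken from the paper: it scans Sysmon Event ID 7 (ImageLoad) records for FileCoAuth.exe loading a FileCoAuthLib64.dll that is unsigned or not signed by the expected publisher. The sample events and directory paths are constructed, and the expected signer string is an assumption.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
HOST_EXE = "filecoauth.exe"        # process named in the summary above
TARGET_DLL = "filecoauthlib64.dll"  # DLL named in the summary above
EXPECTED_SIGNER = "Microsoft Corporation"  # assumption: publisher of the genuine DLL

def _event(image, loaded, signed, signer, status):
    """Build one constructed Sysmon Event ID 7 (ImageLoad) record as XML."""
    data = {"Image": image, "ImageLoaded": loaded, "Signed": signed,
            "Signature": signer, "SignatureStatus": status}
    rows = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>7</EventID></System>'
            f'<EventData>{rows}</EventData></Event>')

# Constructed sample events; the directory is a placeholder, not a real install path.
BASE = r"C:\Users\alice\AppData\Local\Example\OneDrive"
EXE = BASE + r"\FileCoAuth.exe"
SAMPLE_EVENTS = [
    _event(EXE, BASE + r"\FileCoAuthLib64.dll", "true", EXPECTED_SIGNER, "Valid"),
    _event(EXE, BASE + r"\FileCoAuthLib64.dll", "false", "-", "Unavailable"),
    _event(EXE, BASE + r"\FILECOAUTHLIB64.DLL", "true", "Example Ltd", "Valid"),
    _event(EXE, BASE + r"\Other.dll", "true", EXPECTED_SIGNER, "Valid"),
]

def suspicious_loads(events_xml):
    """Return (ImageLoaded, reason) for target-DLL loads that fail signature checks."""
    hits = []
    for xml_text in events_xml:
        root = ET.fromstring(xml_text)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "7":
            continue
        f = {d.get("Name"): (d.text or "")
             for d in root.iterfind("e:EventData/e:Data", NS)}
        if ntpath.basename(f.get("Image", "")).lower() != HOST_EXE:
            continue
        if ntpath.basename(f.get("ImageLoaded", "")).lower() != TARGET_DLL:
            continue
        if f.get("Signed", "").lower() != "true" or f.get("SignatureStatus") != "Valid":
            hits.append((f["ImageLoaded"], "unsigned or invalid signature"))
        elif f.get("Signature") != EXPECTED_SIGNER:
            hits.append((f["ImageLoaded"], "unexpected signer"))
    return hits

if __name__ == "__main__":
    for path, reason in suspicious_loads(SAMPLE_EVENTS):
        print(f"ALERT {reason}: {path}")
```

The rule keys on file names and signature fields rather than on a directory, so it still fires if the DLL is planted in a different user-writable location.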
