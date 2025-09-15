Infosecurity Magazine reports that increasingly covert cyberattacks are being facilitated by the growing use of new living-off-the-land techniques. Malicious Compiled HTML Help files purporting to be project documentation attachments have been distributed as part of a campaign that sought to facilitate multi-stage compromise, with various Windows LOTL binaries leveraged by the embedded script that eventually resulted in the deployment of the XWorm payload within the MSBuild process, an HP Wolf analysis revealed. Another attack campaign harnessed minuscule scalable vector graphics files, which opened a spoofed Adobe Acrobat Reader interface to lure victims into downloading a ZIP archive with malware. Threat actors have also leveraged phishing emails with IMG archives to facilitate the distribution of the Lumma Stealer malware without triggering security systems. "We're seeing more chaining of living-off-the-land tools and use of less obvious file types, such as images, to evade detection," said HP Security Lab Principal Threat Researcher Alex Holland.
Network Security, Threat Intelligence
New LOTL tactics gain traction in cybercrime
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds