Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution

The Kazuar backdoor utilizes DLL side-loading and PowerShell loaders to achieve stealthy execution and resilient command-and-control by embedding malicious code within legitimate processes. Defenders can mitigate these risks by monitoring process parent-child relationships, enabling PowerShell script block logging, and employing memory and API monitoring to detect anomalous loader behaviors.

Edward Kiledjian @ekiledjian