incident
Infostealer Campaign Uses DLL Sideloading with Signed Microsoft Office Binary to Evade DetectionDLL sideloading via winword.exe for infostealer delivery
An infostealer campaign targeting professional networks used DLL sideloading via a legitimate signed Microsoft Office binary (winword.exe) to execute malicious code. At the time of discovery, the payload had zero detections on VirusTotal, indicating effective evasion of antivirus engines. The technique leverages trusted process execution to reduce behavioral suspicion.