Aug. 17, 2023, 9:56 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

By Aleksandar Milenkoski and Tom Hegel


Executive Summary



  • SentinelLabs has identified suspected-Chinese malware and infrastructure potentially involved in China-associated operations directed at the gambling sector within Southeast Asia.

  • The threat actors abuse Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy Cobalt Strike beacons.

  • We’ve observed related malware using the signature of a likely stolen code signing certificate issued to PMG PTE LTD, a Singapore-based vendor of Ivacy VPN services.

  • Indicators point to the …
