ESET’s Epic Fail: Hackers Hijack Security Software to Sneak Malware Through the Backdoor

An APT group, ToddyCat, exploited an ESET flaw to stealthily execute malware, bypassing security like a ninja in a library. The vulnerability, CVE-2024-11859, allowed mischief through DLL hijacking. ESET patched the issue, but not before ToddyCat had a field day with their sneakiness.


Hot Take:

When it comes to cyber espionage, it’s always “ToddyCats” out of the bag! Once again, the feline-named APT shows us that the only thing scarier than a hacker with skills is a hacker with a toolkit named after a vulnerable DLL. ESET didn’t see this one coming, but at least they patched it before the vulnerability became the cyber equivalent of catnip for other malicious actors!

Key Points:

  • ToddyCat APT exploited a vulnerability in ESET software for stealthy malware execution.
  • The flaw, CVE-2024-11859, is a DLL Search Order Hijacking issue.
  • The exploit used a C++ tool called TCESB to bypass security measures.
  • ESET patched the vulnerability in January 2025.
  • A Bring Your Own Vulnerable Driver (BYOVD) technique, using a vulnerable Dell driver, was used to evade detection.

The Nimble Nerd