ESET’s Nightmare: Chinese Hackers Exploit Security Flaw for Malicious Mischief

ToddyCat is at it again! This Chinese-affiliated threat actor is exploiting a flaw in ESET’s security software to deliver TCESB malware, and it’s as sneaky as a ninja in a blackout. The new trick? Hijacking DLLs while sipping on a cup of “admin-only” privilege tea. Watch out, Asia-Pacific!


Hot Take:

Looks like ToddyCat is back with a new trick up its cyber-sleeve, and they’re playing a game of ‘hide-and-seek’ with ESET’s security software. Who knew DLLs could be the ultimate party crashers? Meanwhile, ESET is scrambling to patch things up like a parent trying to fix a major leak before the in-laws arrive for dinner. Grab your popcorn, folks, because this cybersecurity drama is turning into a thriller!

Key Points:

  • ToddyCat is exploiting a flaw in ESET’s security software to deliver the TCESB malware.
  • The attack uses DLL Search Order Hijacking: a malicious “version.dll” is planted where the ESET scanner looks for it before the legitimate system copy, so the trusted, signed process loads the attacker’s code.
  • The flaw, CVE-2024-11859, was patched by ESET in January 2025.
  • TCESB then uses a BYOVD (Bring Your Own Vulnerable Driver) technique with the vulnerable Dell driver DBUtilDrv2.sys, a legitimately signed driver, to get kernel-level access.
  • Monitoring driver installation and load events for known vulnerable drivers is recommended, since a valid signature alone will not flag them.
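The two detection angles in the Key Points (a version.dll loaded from somewhere other than the system directory, and a known vulnerable driver being loaded) are easy to turn into a small hunting script. The example below is added here and is not code from the original post, from Kaspersky, or from ESET. It runs over constructed Sysmon-style lines (Event ID 7 ImageLoaded and Event ID 6 DriverLoaded fields); the file paths, the scanner executable name and the second driver name are assumptions made up for illustration, not real indicators from the report.

```python
"""Hunt for DLL search-order hijacking and BYOVD driver loads in Sysmon-style logs.

Added example, not code from the article. Input lines are constructed to
resemble flattened Sysmon events; paths and process names are made up.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Directories where version.dll legitimately lives (lowercase, no trailing slash).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# DLL names that are typical search-order hijack targets. version.dll is the one
# named in the article; a larger list would be tuned per environment.
HIJACK_DLLS = {"version.dll"}

# Drivers to flag when loaded. DBUtilDrv2.sys is from the article; dbutil_2_3.sys
# (Dell's earlier driver) is added as an assumption to show the list is extensible.
VULN_DRIVERS = {"dbutildrv2.sys", "dbutil_2_3.sys"}

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Finding:
    event_id: int
    technique: str
    detail: str


def parse_event(line: str) -> dict:
    """Turn 'Key="value" Key2=value2' into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}


def check_image_load(ev: dict) -> Optional[Finding]:
    """Event ID 7: flag a hijack-prone DLL loaded from outside the system directories."""
    loaded = ev.get("ImageLoaded", "")
    name = ntpath.basename(loaded).lower()
    if name in HIJACK_DLLS and ntpath.dirname(loaded).lower() not in SYSTEM_DIRS:
        return Finding(7, "dll-search-order-hijack",
                       f"{ev.get('Image')} loaded {loaded}")
    return None


def check_driver_load(ev: dict) -> Optional[Finding]:
    """Event ID 6: flag known vulnerable drivers by file name.

    The signature is reported but deliberately not used as a filter: BYOVD drivers
    carry a valid vendor signature, which is exactly why they work.
    """
    loaded = ev.get("ImageLoaded", "")
    if ntpath.basename(loaded).lower() in VULN_DRIVERS:
        return Finding(6, "byovd",
                       f"vulnerable driver {loaded} "
                       f"(signed={ev.get('Signed')}, signer={ev.get('Signature')})")
    return None


def scan(lines) -> list:
    """Run the two checks over a sequence of event lines and collect findings."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        finding = None
        if eid == "7":
            finding = check_image_load(ev)
        elif eid == "6":
            finding = check_driver_load(ev)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample events (not real telemetry). Line 1 mimics a scanner loading a
# planted version.dll from its own directory; line 3 mimics the Dell driver being
# loaded from a user-writable path. Lines 2 and 4 are benign controls.
SAMPLE_EVENTS = [
    r'EventID=7 Image="C:\Tools\scanner.exe" ImageLoaded="C:\Tools\version.dll"',
    r'EventID=7 Image="C:\Windows\explorer.exe" ImageLoaded="C:\Windows\System32\version.dll"',
    r'EventID=6 ImageLoaded="C:\Users\Public\DBUtilDrv2.sys" Signed="true" Signature="Dell Inc."',
    r'EventID=6 ImageLoaded="C:\Windows\System32\drivers\ntfs.sys" Signed="true" Signature="Microsoft Windows"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[Event {f.event_id}] {f.technique}: {f.detail}")
```

Two practical caveats: the version.dll rule fires on any copy loaded outside System32/SysWOW64, so legitimate software that ships its own copy will need an allow-list entry; and matching drivers by file name catches the lazy case only, since an attacker can rename the file, so in production pair this with hash-based matching against a vulnerable-driver list and check whether Microsoft’s vulnerable driver blocklist is actually enforced on your hosts.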

The Nimble Nerd