@glyph "To evade detection, we observed the use of legitimate services such as Telegram for command-and-control communications, obfuscated Python scripts, malicious DLLs being sideloaded, Python interpreter masquerading as a system process (i.e., svchost.exe), and the use of signed and living off the land binaries."
ah yes, python's offers such boons to malware writers as dynamic linking DLLs
@glyph also what the hell is "living off the land binaries" did chat gpt write this drivel
EDIT: the term has been explained and no further commentary is necessary
@aeva it’s a slightly odd use of the phrase, but “living off the land” is a term of art in infosec referring to reducing malware payload footprint and detectability, so an LOTL binary is just a preinstalled (usually scriptable in some way) thing that is already legitimately present in the target environment. not defending the overall quality of the writing but that part was legible to me :)
