Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.”Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html
