
Medium
Campaign, Malware
Persistence
EDR, Windows
Latrodectus Unmasked: The Art of Persistent Execution via Trusted Binaries
In a recent Latrodectus malware campaign, we observed a particularly insidious choice for persistence: Windows registry keys are modified to launch a legitimate signed executable, mimicking security software, which hides malicious DLL side-loading and enables stealthy execution. Security teams may deprioritize such registry changes, or the changes may complicate detection, which is why it is necessary to pay close attention to similar activity and to recognize the indicators of this campaign.



