Dynamic Link Library (DLL) hijacking is a type of cyber attack in which hackers replace a genuine .dll file with a malicious one. When the application uses this corrupted file, it gives erroneous results as programmed by the hacker.
Procedure For The Attack
- In this attack, the hacker first exploits the static path that stores the DLL files and replaces the original DLL files with the malicious .dll file through social engineering or some other method.
- The next time that application runs (either because the hacker convinced the user to run it or for some genuine use), it searches for the relevant DLL file.
- First, it looks in the application's own folder, and then it searches based on the priorities set by the operating system. As soon as the malicious file is picked up and loaded, the hacker can gain the desired effect (like admin privileges) on the victim's machine.
Mitigation For The Attack
Instead of using a relative path, programmers should use an absolute path. Use a hardware firewall and turn on the router firewall. An Intrusion Detection/Prevention System can also help control such attack incidents. There are several third-party tools that can help detect whether an application is vulnerable to DLL hijacking attacks.
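The audit below is an added example, not code from the original page. It models the lookup described above (application folder first, then the remaining directories in order) and shows why a load by bare name can pick up a stray copy while a load by absolute path cannot. The file name `helper.dll`, the `app` and `system` folders and all function names are constructed for illustration, and the model is a simplification, not the full Windows loader algorithm.

```python
import tempfile
from pathlib import Path

def find_in_dir(directory, name):
    """Case-insensitive lookup of `name` in one directory (Windows file names ignore case)."""
    d = Path(directory)
    if not d.is_dir():
        return None
    for entry in sorted(d.iterdir()):
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None

def resolve(requested, search_dirs):
    """An absolute path is used as given; a bare name is taken from the
    first directory in search order that contains it."""
    p = Path(requested)
    if p.is_absolute():
        return p if p.is_file() else None
    for d in search_dirs:
        hit = find_in_dir(d, p.name)
        if hit:
            return hit
    return None

def audit(requested, search_dirs, trusted_dir):
    """Return (status, path). 'shadowed' means a copy outside trusted_dir
    would be loaded instead of the genuine one."""
    hit = resolve(requested, search_dirs)
    if hit is None:
        return "missing", None
    if hit.parent.resolve() == Path(trusted_dir).resolve():
        return "ok", hit
    return "shadowed", hit

def demo():
    """Constructed tree: the app folder is searched first, then a stand-in system folder."""
    with tempfile.TemporaryDirectory() as tmp:
        app, system = Path(tmp) / "app", Path(tmp) / "system"
        app.mkdir()
        system.mkdir()
        (system / "helper.dll").write_bytes(b"genuine")   # expected copy
        order = [app, system]
        before = audit("helper.dll", order, system)
        (app / "HELPER.DLL").write_bytes(b"stray")        # unexpected copy next to the app
        by_name = audit("helper.dll", order, system)
        by_path = audit(str(system / "helper.dll"), order, system)
        return before[0], by_name[0], by_path[0], by_name[1].parent.name

if __name__ == "__main__":
    print(demo())
```

Run against a real install, `audit` would take the application's actual folder list and the directory where the vendor's copy is expected; any `shadowed` result is a file to investigate.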