CVE-2022-23748

Vulnerability updated 4 months ago (2024-05-04T23:18:09.633Z)
CVE-2022-23748 is a software vulnerability in Audinate's Dante Discovery software: a flaw in its design or implementation that allows DLL side-loading, in which the affected software loads and executes a malicious DLL instead of the legitimate one. The DLL targeted in this case is dal_keepalives.dll, which threat actors hijack to exploit the vulnerability.

The exploit was used in a cyber campaign that relies on spear-phishing emails to deliver archive files containing a digitally signed executable and a malicious DLL. The executable is named to match the context of the email, tricking the recipient into treating it as a legitimate attachment. Once the archive is opened, the malicious DLL exploits CVE-2022-23748 in Dante Discovery to side-load malware named "CurKeep" onto the victim's system.

The campaign combines social engineering (spear-phishing) with a technical exploit (DLL side-loading via CVE-2022-23748). It highlights the importance of keeping software patched and educating users about the dangers of opening unsolicited email attachments. Users of Audinate's Dante Discovery software should apply any available patches to mitigate this vulnerability and prevent compromise of their systems.
Description last updated: 2024-05-04T22:24:01.949Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Source Document References
Information about the CVE-2022-23748 Vulnerability was read from the documents corpus below.
Source | Created | Title
CERT-EU | a year ago | ToddyCat hackers use 'disposable' malware to target Asian telecoms
InfoSecurity-magazine | a year ago | Chinese APT ToddyCat Targets Asian Telecoms, Governments
CERT-EU | a year ago | Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware
Checkpoint | a year ago | Stayin’ Alive - Targeted Attacks Against Telecoms and Government Ministries in Asia - Check Point Research