Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system's memory using a DLL sideloading technique.

This payload injects an embedded shellcode into WerFault.exe, a process connected to the WER service and used by Microsoft to track and address operating system errors.

The service runs the WerFault.exe, which is “usually invoked when an error related to the operating system, Windows features or applications happens,” researchers noted.