Security News > 2021 > May > Attackers abuse Microsoft dev tool to deploy Windows malware

Threat actors are abusing the Microsoft Build Engine to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign.
This development tool can build apps on any Windows system if provided with an XML schema project file telling it how to automate the build process.
On computers where the attackers deployed the info stealer, the malware will scan for web browsers, messaging apps, and VPN and cryptocurrency software to steal user credentials.
Malware samples used in this campaign are either not detected or detected by a very low number of anti-malware engines according to VirusTotal.
The fileless malware further decreases the chances that the attack is spotted since no actual files are written on the victims' devices, with no physical traces of the payloads left on the infected devices' hard drives.
According to a WatchGuard Internet security report published at the end of March, fileless malware delivery has seen a massive increase between 2019 and 2020, skyrocketing by 888% based on a year worth of endpoint threat intelligence data collected by WatchGuard Panda products.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)