Attackers abuse Microsoft dev tool to deploy Windows malware (May 2021)
Threat actors are abusing the Microsoft Build Engine to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign.
This development tool can build apps on any Windows system if provided with an XML schema project file telling it how to automate the build process.
On computers where the attackers deployed the info stealer, the malware will scan for web browsers, messaging apps, and VPN and cryptocurrency software to steal user credentials.
Malware samples used in this campaign are either not detected or detected by a very low number of anti-malware engines according to VirusTotal.
The fileless malware further decreases the chances that the attack is spotted since no actual files are written on the victims' devices, with no physical traces of the payloads left on the infected devices' hard drives.
According to a WatchGuard Internet security report published at the end of March, fileless malware delivery saw a massive increase between 2019 and 2020, skyrocketing by 888% based on a year's worth of endpoint threat intelligence data collected by WatchGuard Panda products.