Security News > 2021 > May > Attackers abuse Microsoft dev tool to deploy Windows malware
Threat actors are abusing the Microsoft Build Engine to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign.
This development tool can build apps on any Windows system if provided with an XML schema project file telling it how to automate the build process.
On computers where the attackers deployed the info stealer, the malware will scan for web browsers, messaging apps, and VPN and cryptocurrency software to steal user credentials.
Malware samples used in this campaign are either not detected or detected by a very low number of anti-malware engines according to VirusTotal.
The fileless malware further decreases the chances that the attack is spotted since no actual files are written on the victims' devices, with no physical traces of the payloads left on the infected devices' hard drives.
According to a WatchGuard Internet security report published at the end of March, fileless malware delivery has seen a massive increase between 2019 and 2020, skyrocketing by 888% based on a year worth of endpoint threat intelligence data collected by WatchGuard Panda products.
News URL
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft has finally fixed Date & Time bug in Windows 11 (source)
- Microsoft shares workaround for Windows security update issues (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- Microsoft to remove the Location History feature in Windows (source)
- Microsoft testing fix for Windows 11 bug breaking SSH connections (source)
- Microsoft launches ad-supported Office apps for Windows users (source)