Security News > 2021 > May > Hackers Using Microsoft Build Engine to Deliver Malware Filelessly
Threat actors are abusing Microsoft Build Engine to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems.
The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, allowing the adversaries to take control of the victims' machines and steal sensitive information.
In using MSBuild to filelessly compromise a machine, the idea is to stay under the radar and thwart detection, as such malware makes use of a legitimate application to load the attack code into memory, thereby leaving no traces of infection on the system and giving attackers a high level of stealth.
The majority of the samples analyzed by Anomali were found to deliver the Remcos RAT, with a few others also delivering the Quasar RAT and RedLine Stealer.
NET-based RAT capable of keylogging, password stealing, among others.
Redline Stealer, as the name indicates, is a commodity malware that harvests credentials from browsers, VPNs, and messaging clients, in addition to stealing passwords and wallets associated with cryptocurrency apps.
News URL
Related news
- Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware (source)
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- Microsoft mistake blows up admins' inboxes with fake malware alerts (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)
- New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Fake OnlyFans cybercrime tool infects hackers with malware (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)