Security News > 2022 > May > This New Fileless Malware Hides Shellcode in Windows Event Logs
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.
The adversary simulation software modules are then used as a launchpad to inject code into Windows system processes or trusted applications.
One of the key methods is to keep encrypted shellcode containing the next-stage malware as 8KB pieces in event logs, a never-before-seen technique in real-world attacks, that's then combined and executed.
"The actor behind this campaign is quite capable," Legezo said.
"The code is quite unique, with no similarities to known malware."
The disclosure comes as Sysdig researchers demonstrated a way to compromise read-only containers with fileless malware that's executed in-memory by leveraging a critical flaw in Redis servers.
News URL
https://thehackernews.com/2022/05/this-new-fileless-malware-hides.html
Related news
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics (source)
- Detecting Windows-based Malware Through Better Visibility (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware (source)