Security News > 2022 > May > Kaspersky uncovers fileless malware inside Windows event logs
Kaspersky uncovers fileless malware inside Windows event logs.
The cybersecurity company published a blog on May 4 detailing that, for the first time ever, hackers have placed shellcode into Windows event logs, hiding Trojans as fileless malware.
"We witnessed a new targeted malware technique that grabbed our attention," said Denis Legezo, lead security researcher at Kaspersky.
"For the attack, the actor kept and then executed an encrypted shellcode from Windows event logs. That's an approach we've never seen before and highlights the importance of staying aware of threats that could otherwise catch you off guard. We believe it's worth adding the event logs technique to MITRE Matrix's Defense Evasion and Hide Artifacts section. The usage of several commercial pentesting suites is also not the kind of thing you see every day."
In the HTTP network method, the malicious file targeted Windows system files and hid a piece of malware by creating a duplicate of an existing file with "1.1" added to the string, which Kaspersky assumes to be the malicious version of the file.
News URL
https://www.techrepublic.com/article/kaspersky-fileless-malware-windows-event-logs/