Kaspersky uncovers fileless malware inside Windows event logs.
The cybersecurity company published a blog on May 4 detailing that, for the first time ever, hackers have placed shellcode into Windows event logs, hiding Trojans as fileless malware.
"We witnessed a new targeted malware technique that grabbed our attention," said Denis Legezo, lead security researcher at Kaspersky.
"For the attack, the actor kept and then executed an encrypted shellcode from Windows event logs. That's an approach we've never seen before and highlights the importance of staying aware of threats that could otherwise catch you off guard. We believe it's worth adding the event logs technique to MITRE Matrix's Defense Evasion and Hide Artifacts section. The usage of several commercial pentesting suites is also not the kind of thing you see every day."
In the HTTP network method, the malicious file targeted Windows system files, hiding a piece of malware by creating a duplicate of an existing file with "1.1" added to the string, which Kaspersky assumes to be the malicious version of the file.
News URL
https://www.techrepublic.com/article/kaspersky-fileless-malware-windows-event-logs/