Kaspersky uncovers fileless malware inside Windows event logs
2022-05-09 17:17

The cybersecurity company published a blog on May 4 detailing that, for the first time ever, hackers have placed shellcode into Windows event logs, hiding Trojans as fileless malware.

"We witnessed a new targeted malware technique that grabbed our attention," said Denis Legezo, lead security researcher at Kaspersky.

"For the attack, the actor kept and then executed an encrypted shellcode from Windows event logs. That's an approach we've never seen before and highlights the importance of staying aware of threats that could otherwise catch you off guard. We believe it's worth adding the event logs technique to MITRE Matrix's Defense Evasion and Hide Artifacts section. The usage of several commercial pentesting suites is also not the kind of thing you see every day."

The HTTP network method saw the malicious file target the Windows system files, hiding a piece of malware by creating a duplicate of an existing file with "1.1" added to the string, which Kaspersky assumes to be the malicious version of the file.


News URL

https://www.techrepublic.com/article/kaspersky-fileless-malware-windows-event-logs/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kaspersky 27 9 40 5 5 59