A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-up published this week. The stealthy infection process, not attributed to a known … [Read more...] about This New Fileless Malware Hides Shellcode in Windows Event Logs
Fileless
Enhancing Fileless Attack Detection with Memory Scanning
CrowdStrike introduces memory scanning into the CrowdStrike Falcon® sensor for Windows to enhance existing visibility and detection of fileless threats The Falcon sensor integrates Intel threat detection technology to perform accelerated memory scanning for malicious byte patterns Memory scanning is optimized for performance on Intel CPUs, including high-performance operation, … [Read more...] about Enhancing Fileless Attack Detection with Memory Scanning
New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors
Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup … [Read more...] about New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors
A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020.Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway … [Read more...] about A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Divergent: “Fileless” NodeJS Malware Burrows Deep Within the Host
Threat Research Executive summary Cisco Talos recently discovered a new malware loader being used to deliver and infect systems with a previously undocumented malware payload called “Divergent.” We first dove into this malware after we saw compelling data from Cisco Advanced Malware Protection’s (AMP) Exploit Prevention. This threat … [Read more...] about Divergent: “Fileless” NodeJS Malware Burrows Deep Within the Host
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily being found targeting European and Brazilian users earlier this year.Dubbed Astaroth, the malware trojan has been making the rounds since at least 2017 and designed to steal users' sensitive information like their … [Read more...] about Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks