Security researchers recently uncovered a new way of installing malware on an unsuspecting computer. The technique, now being used by attackers, involves slipping malware inside the event logs of the latest Windows 11. To make matters worse, the method is engineered to be so subtle that by the time you detect it, it is already too late.
As reported by Bleeping Computer, Kaspersky security researchers analyzed a recent sample of the malware on a customer's PC in February this year. During their evaluation, they found that an attacker had successfully planted fileless malware into the victim's system by concealing it in the Windows event logs. According to Kaspersky, this was the first incident of its kind.
This novel attack injects shellcode payloads into the Windows event logs under the Key Management Services (KMS) source, using a custom-built malware dropper that hides them so well that they go unnoticed under normal circumstances.
The dropper then loads the malicious code by means of a DLL exploit and disguises itself as a copy of a legitimate, recognized error file. That means even if you inspect your Windows event logs, nothing out of the ordinary will stand out. The attacker can then drop a Trojan, or in this case a series of Trojans, which can wreak havoc on the system.
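As an added, defender-side illustration (not code from the article or from Kaspersky), the Python below scans event-log style records for the pattern described above: an opaque, high-entropy blob stored in the event data of a KMS-source entry instead of the short text such entries normally carry, then carves the flagged chunks back together in record order so an analyst can hash the recovered payload. The record layout, the source name "KMS", the chunk size and the entropy and printable-ratio thresholds are all assumptions, and the sample events are constructed inline.

```python
"""Heuristic scan of Windows event records for shellcode stored as event data.

Added example. Field names, the "KMS" source label, chunk size and the
thresholds below are assumptions, not values taken from Kaspersky's report.
"""
import hashlib
import math
import random


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 8.0 for random or encrypted data, 4 to 5 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, LF or CR."""
    if not data:
        return 1.0
    return sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13)) / len(data)


def is_suspicious_blob(data: bytes, min_len: int = 256,
                       entropy_threshold: float = 6.5,
                       printable_threshold: float = 0.6) -> bool:
    """Legitimate KMS events carry short, mostly printable strings; a blob of
    several hundred near-random, non-printable bytes is the anomaly to inspect."""
    return (len(data) >= min_len
            and shannon_entropy(data) >= entropy_threshold
            and printable_ratio(data) < printable_threshold)


def scan_events(events, source: str = "KMS") -> dict:
    """Flag suspicious records for `source` and carve their data back together.

    Returns {"flagged": [records], "payload": bytes | None, "sha256": str | None}.
    Chunks are joined in record-id order, the order a dropper would write them.
    """
    flagged = [e for e in events
               if e["source"] == source and is_suspicious_blob(e["data"])]
    if not flagged:
        return {"flagged": [], "payload": None, "sha256": None}
    ordered = sorted(flagged, key=lambda e: e["record_id"])
    payload = b"".join(e["data"] for e in ordered)
    return {"flagged": flagged, "payload": payload,
            "sha256": hashlib.sha256(payload).hexdigest()}


def build_sample_events():
    """Constructed sample log: two benign records, then a fake 5000-byte
    'shellcode' blob split into 2048-byte KMS chunks (all values made up)."""
    rng = random.Random(2022)  # fixed seed so the example is reproducible
    payload = bytes(rng.getrandbits(8) for _ in range(5000))
    chunk = 2048
    events = [
        {"record_id": 100, "source": "KMS", "event_id": 12288,
         "data": b"The client has sent an activation request (constructed sample)."},
        {"record_id": 101, "source": "Windows Error Reporting", "event_id": 1001,
         "data": b"Fault bucket (constructed sample), type 0"},
    ]
    for i in range(0, len(payload), chunk):
        events.append({"record_id": 102 + i // chunk, "source": "KMS",
                       "event_id": 0, "data": payload[i:i + chunk]})
    events.append({"record_id": 110, "source": "KMS", "event_id": 12290,
                   "data": b"Activation succeeded (constructed sample)."})
    return events, payload


if __name__ == "__main__":
    sample_events, original = build_sample_events()
    result = scan_events(sample_events)
    for e in result["flagged"]:
        print(f"record {e['record_id']}: {len(e['data'])} bytes, "
              f"entropy {shannon_entropy(e['data']):.2f}")
    print("carved payload sha256:", result["sha256"],
          "(matches original)" if result["payload"] == original else "")
```

Against real telemetry the same logic would be applied to each record's binary event data; the thresholds are a starting point and should be tuned against a baseline of the KMS events a given host normally produces.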
Denis Legezo, a lead security researcher at Kaspersky, told Bleeping Computer that “the actor behind the campaign is rather skilled by itself, or at least has a good set of quite profound commercial tools.” The main motive of the attack is to get hold of sensitive user data.
However, Kaspersky did not disclose which company was hit by what it describes as a “targeted campaign.” In this particular case, the victim was tricked into downloading a RAR archive from a legitimate file-sharing service. Once the file is on the PC, it quietly unpacks itself, and before you notice anything, the damage is done.
The best way to stay safe against such malware attacks is to follow the cybersecurity policies and best practices set by your organization. For instance, refrain from opening dubious links in texts and emails. Also, make sure that whatever you download onto your PC comes from a legitimate, known source before opening the downloaded files or running any .EXE files.
As the internet has advanced, hackers and phishers have invented new and subtle ways to attack your systems, and the best defense is always staying alert to suspicious links and taking precautionary measures.