Hackers plant fileless malware in Windows event logs

Hackers planted fileless malware in the Windows event logs for the Key Management Services (KMS) using a custom malware dropper.

Kaspersky researchers discovered the new technique after being alerted by a customer with an infected endpoint.

According to the researchers, the entire campaign is “very targeted” and employs a wide range of tools.

The loader’s purpose is to search the event logs for specific lines.

If it doesn’t find them, it will write encrypted shellcode that will later be combined to form malware for the next stage of the attack.
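For defenders, the behaviour described above suggests a simple hunt: event records that carry large, high-entropy binary payloads in a log that normally holds short text. The sketch below is an added example, not code from Kaspersky or from the article; the record format (already-exported dicts with `log`, `record_id` and `payload` bytes), the log name default and both thresholds are assumptions.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds (not from the article): tune against your own baseline.
MIN_PAYLOAD_BYTES = 1024   # ordinary records carry little or no binary data
MIN_ENTROPY_BITS = 7.0     # encrypted data approaches 8 bits per byte


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def suspicious_records(records, log_name="Key Management Service"):
    """Return ids of records in `log_name` whose payload is large and high-entropy."""
    hits = []
    for rec in records:
        payload = rec.get("payload", b"")
        if rec.get("log") != log_name or len(payload) < MIN_PAYLOAD_BYTES:
            continue
        if shannon_entropy(payload) >= MIN_ENTROPY_BITS:
            hits.append(rec["record_id"])
    return hits


def _pseudo_ciphertext(blocks: int) -> bytes:
    """Deterministic stand-in for encrypted data: concatenated SHA-256 digests."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))


# Constructed sample records (hypothetical export format, not real telemetry).
SAMPLE = [
    {"log": "Key Management Service", "record_id": 101, "payload": b""},
    {"log": "Key Management Service", "record_id": 102,
     "payload": b"activation request processed " * 64},    # large, low entropy
    {"log": "Key Management Service", "record_id": 103,
     "payload": _pseudo_ciphertext(128)},                  # large, high entropy
    {"log": "Application", "record_id": 104,
     "payload": _pseudo_ciphertext(128)},                  # different log, out of scope
]

if __name__ == "__main__":
    print(suspicious_records(SAMPLE))
```

Entropy alone also flags compressed data, so treat a hit as a lead to triage rather than a verdict.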

Legezo describes the entire technique and execution as “impressive.”

According to researchers, the campaign began in September 2021, and given that there are no similarities to any previous attacks recorded, we are most likely dealing with a completely new player.
