Kaspersky (thanks Bleeping Computer) analyzed a malware sample found on a customer's computer in February of this year. During the analysis, its researchers found that a hacker was able to plant fileless malware into a victim's file system by hiding it away in the Windows event logs. A first, according to Kaspersky.
This sophisticated attack uses a custom malware dropper to inject shellcode payloads into the Windows event logs for KMS (Key Management Services), where they basically hide in plain sight.
The dropper then loads malicious code by taking advantage of a DLL exploit and hides itself as a copy of a legitimate error file. So, even if you check your event logs, it'll look like nothing out of the ordinary. The attacker can then install a Trojan virus (or, in this case, a number of Trojans), which will wreak havoc on a system.
Denis Legezo, lead security researcher at Kaspersky, told Bleeping Computer that “the actor behind the campaign is rather skilled by itself, or at least has a good set of quite profound commercial tools.” The purpose of the attack is to obtain valuable user data.
Kaspersky never revealed which company was hit by what it's calling a “targeted campaign.” The victim of this attack, in this case, was tricked into downloading a RAR archive from a legitimate file sharing service. Once it's downloaded, it secretly runs itself, and you're pretty much screwed.
So how do you defend yourself against an attack like this? You should continue to follow your company's cybersecurity best practices, like never clicking on suspicious links in emails and texts. Ensuring you know what you're downloading, and where it is from, before hitting open on any files or folders remains one of the best defenses we have against the dark hacking arts.
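For defenders who also want to check the logs themselves, here is one way to hunt for payloads stored in event records. This is an added example, not code from Kaspersky or the original article. It assumes the events have been exported to XML in the standard Windows event schema (for example with wevtutil) and that any payload sits in the record's `<Binary>` field; the thresholds, provider name and sample records are constructed.

```python
import math
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
MIN_BYTES = 1024    # assumed threshold: ordinary records carry little binary data
MIN_ENTROPY = 6.0   # assumed threshold, in bits per byte

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_records(xml_text, min_bytes=MIN_BYTES, min_entropy=MIN_ENTROPY):
    """Return (record_id, provider, size, entropy) for large, dense binary fields."""
    hits = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        blob = ev.findtext("e:EventData/e:Binary", default="", namespaces=NS)
        try:
            data = bytes.fromhex(blob.strip())
        except ValueError:
            continue  # field is not hex-encoded; nothing to measure
        h = entropy(data)
        if len(data) >= min_bytes and h >= min_entropy:
            rec = ev.findtext("e:System/e:EventRecordID", default="?", namespaces=NS)
            prov = ev.find("e:System/e:Provider", NS)
            name = prov.get("Name") if prov is not None else "?"
            hits.append((rec, name, len(data), round(h, 2)))
    return hits

def _event(rec_id: int, provider: str, blob: bytes) -> str:
    # Builds a simplified, constructed event record for the sample below.
    return ('<Event xmlns="%s"><System><Provider Name="%s"/>'
            '<EventRecordID>%d</EventRecordID></System>'
            '<EventData><Binary>%s</Binary></EventData></Event>'
            % (NS["e"], provider, rec_id, blob.hex().upper()))

# Constructed sample: tiny status code, zero padding, and a dense 2 KB blob.
SAMPLE = "<Events>" + "".join([
    _event(101, "ExampleProvider", b"\x01\x00\x00\x00"),
    _event(102, "ExampleProvider", bytes(2048)),
    _event(103, "ExampleProvider", bytes(range(256)) * 8),
]) + "</Events>"

if __name__ == "__main__":
    for hit in suspicious_records(SAMPLE):
        print(hit)
```

Only the third record is flagged: the first is too small and the second is large but carries no information. Some legitimate software also writes large binary fields, so a hit is a lead to investigate rather than a verdict.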