Cybersecurity experts recently discovered a new technique for storing malware on an unsuspecting PC. Used by hackers, it involves slipping malware inside of Windows 11 event logs. To make matters worse, this new technique is designed to make the infection process nearly impossible to detect until it's too late.
Researchers at Kaspersky (thanks Bleeping Computer) analyzed a recent sample of the malware on a customer's computer in February of this year. During their analysis, they found that a hacker was able to plant fileless malware into a victim's file system by hiding it away in your Windows events logs. A first, according to Kaspersky.
This sophisticated attack injects shellcode payloads into Windows event logs into the KMS (Key Management Services) via a custom malware dropper and basically hides in plain sight.
The dropper then loads malicious code by taking advantage of a DLL exploit and hides itself as a copy of a legitimate error file. So, even if you check your event logs, it'll look like nothing out of the ordinary. The attacker can then install a Trojan virus (or, in this case, a number of Trojans), which will wreak havoc on a system.
Denis Legezo, lead security researcher at Kaspersky, told Bleeping Computer that “the actor behind the campaign is rather skilled by itself, or at least has a good set of quite profound commercial tools." The purpose of the attack is to obtain valuable user data.
Best SSD for gaming: the best solid state drives around
Best PCIe 4.0 SSD for gaming: the next gen has landed
The best NVMe SSD: this slivers of SSD goodness
Best external hard drives: expand your horizons
Best external SSDs: plug in upgrades for gaming laptops and consoles
Kaspersky never revealed who the company that was was hit by what it's calling a "targeted campaign." The victim of this attack, in this case, was tricked into downloading a RAR archive from a legitimate file sharing service. Once its downloaded, it secretly runs itself, and you're pretty much screwed.
So how do you defend yourself against an attack like this? You should continue to follow your company's cybersecurity best practices, like never clicking on suspicious links in emails and texts. Ensuring you know what you're downloading, and where it is from, before hitting open on any files or folders remains one of the best defenses we have against the dark hacking arts.
