Threat Awareness – Threat Actors Exploiting Event Logs to Hide Fileless Malware

Security researchers have uncovered a malicious cyber campaign that employs a novel anti-detection technique to deliver a trojan onto a targeted device. The campaign, first observed by Kaspersky, writes shellcode into Windows event logs that allows for a “fileless” last stage trojan to be hidden in a computer’s random-access memory. Injecting malware directly into system memory is what classifies as “fileless” and this technique allows threat actors to hide malicious payloads from traditional security and detection tools. What makes this campaign novel is how the threat actors inject shellcode directly into Windows event logs. An adversary using this technique could gain access to the victim’s device and allow for additional malicious activity, such as ransomware or credential harvesting. Members are encouraged to share this recent threat with system administrators and analysts to implement procedures for detecting this behavior. Read more at ThreatPost.