Blog

May 7, 2022

This New Fileless Malware Hides Shellcode in Windows Event Logs

Posted by in category: cybercrime/malcode

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.

“It allows the ‘fileless’ last stage trojan to be hidden from plain sight in the file system,” Kaspersky researcher Denis Legezo said in a technical write-up published this week.

The stealthy infection process, not attributed to a known actor, is believed to have commenced in September 2021 when the intended targets were lured into downloading compressed. RAR files containing Cobalt Strike and Silent Break.

Comments are closed.