Kaspersky Lab’s threat researchers have documented a malicious campaign that uses Windows event logs to store fileless last-stage Trojans and hide them in the file system.
The first part of the campaign began around September 2021, according to Kaspersky, with the threat actor enticing victims into downloading a digitally signed Cobalt Strike module. The use of event logs for malware storage is a strategy that Kaspersky security researchers claim they have never observed in real-world malware attacks.
The attacks haven’t been linked to a known threat actor, but the researchers say the group stands out because it patches Windows native API functions related to event tracing and the anti-malware scan interface to keep the infection hidden.
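One defensive heuristic for the storage technique described above, as an added example that is not from Kaspersky's report or the SecurityWeek article: scan event records for large, high-entropy data fields and group them by source, since a staged payload is usually split into several records under one source. The record layout, the thresholds and the sample events are constructed assumptions, not values from the campaign.

```python
import math
from dataclasses import dataclass
from typing import Dict, Iterable, List

@dataclass
class EventRecord:
    record_id: int
    source: str
    data: bytes  # raw event data / message payload as stored in the log

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_like_binary_payload(data: bytes, min_len: int = 1024, min_entropy: float = 6.0) -> bool:
    """Text-like event messages sit well under 6 bits/byte; packed code or
    encrypted shellcode chunks approach 8. Thresholds are assumed, tune per environment."""
    return len(data) >= min_len and shannon_entropy(data) >= min_entropy

def find_suspicious_sources(events: Iterable[EventRecord]) -> Dict[str, Dict[str, int]]:
    """Group binary-looking records by event source and report how many chunks
    each source holds and their combined size."""
    summary: Dict[str, Dict[str, int]] = {}
    for ev in events:
        if looks_like_binary_payload(ev.data):
            entry = summary.setdefault(ev.source, {"chunks": 0, "total_bytes": 0})
            entry["chunks"] += 1
            entry["total_bytes"] += len(ev.data)
    return summary

# Constructed sample log (not real telemetry). Records 3 and 4 stand in for a
# payload split into two 8 KiB chunks under one source; the rest are ordinary
# text messages.
SAMPLE_EVENTS: List[EventRecord] = [
    EventRecord(1, "Service Control Manager", b"The Windows Update service entered the running state."),
    EventRecord(2, "Application Error", b"Faulting application name: notepad.exe, version 10.0.19041.1"),
    EventRecord(3, "Constructed Source", bytes(range(256)) * 32),
    EventRecord(4, "Constructed Source", bytes(reversed(range(256))) * 32),
    EventRecord(5, "Service Control Manager", b"The Windows Update service entered the stopped state."),
]

if __name__ == "__main__":
    for source, info in find_suspicious_sources(SAMPLE_EVENTS).items():
        print(f"{source}: {info['chunks']} binary-looking records, {info['total_bytes']} bytes")
```

On a live host the same functions can be fed records exported from the event log (for example via Get-WinEvent), with the summary used to flag sources that suddenly accumulate opaque chunks.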
Read More: https://www.securityweek.com/kaspersky-warns-fileless-malware-hidden-windows-event-logs