Kaspersky Issues a Security Alert Regarding Fileless Malware Hidden in Windows Event Logs

Kaspersky Lab’s threat researchers have documented a malicious campaign that uses Windows event logs to store fileless last-stage Trojans and hide them in the file system.

The first part of the campaign began around September 2021, according to Kaspersky, with the threat actor enticing victims into downloading a digitally signed Cobalt Strike module. The use of event logs for malware storage is a strategy that Kaspersky security researchers claim they have never observed in real-world malware attacks.

The attacks haven’t been linked to a known threat actor, but the researchers say the group stands out because it patches Windows native API functions connected with event tracking and the anti-malware scan interface to keep the infection hidden.

Read More: https://www.securityweek.com/kaspersky-warns-fileless-malware-hidden-windows-event-logs