This New Fileless Malware Hides Shellcode in Windows Event Logs
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild
Infection refers to malware entering a device or network, enabling unauthorized access, data theft, disruption, or further compromise.
Search across headline titles and summaries.
Background for this topic.
A malware infection occurs when malicious code executes on a device or enters an environment, enabling unauthorized actions such as persistence, data theft, encryption, or further compromise. The term commonly covers viruses, worms, trojans, spyware, and similar malware; an infection may begin through a malicious attachment, exploit, drive-by download, removable media, or stolen credentials. Its effects depend on the malware and the privileges of the affected account, and an infected host does not necessarily spread automatically.
For security practitioners, the key concerns are identifying affected hosts, determining the initial access and scope, and preventing lateral movement. Useful controls include timely vulnerability remediation, email and web filtering, application controls, least-privilege accounts, and endpoint monitoring for unusual processes, persistence, or network connections. When infection is suspected, isolate the system without destroying evidence, investigate related accounts and devices, revoke exposed credentials, remove or rebuild the malware, and validate that restored systems are clean.
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild
An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.
A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices
A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device. [...]
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.
Plus: Another university hit with malware, and more In brief The Black Basta crime gang has claimed it infected the American Dental Association with ransomware.…