Kaspersky has made an unprecedented discovery that could have serious consequences for the Windows operating system and its users. On May 4, Kaspersky released details of how attackers had, for the first time, placed shellcode inside Windows event logs, hiding the Trojan payloads in log records as fileless malware. According to Kaspersky, the campaign combined commercial penetration testing suites with anti-detection wrappers. Two Trojans were deployed in the final stage, giving the attackers further access to the system. Kaspersky explained that the Trojans were delivered via two different methods: HTTP network communications and interaction with named pipes.
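The defensive angle on the technique above is that a log store is not supposed to hold large blobs of binary data, so a scanner that looks for high-entropy, non-printable payloads in log records can surface shellcode chunks regardless of which provider wrote them. The following is an added example, not code from Kaspersky or from the article: it models event records as simple (record id, provider, payload) tuples, with the payloads constructed inline, and flags records whose message body looks like binary rather than text. The entropy and length thresholds are assumptions chosen for illustration, not values from the report.

```python
import math
from collections import defaultdict

# Constructed sample records (not real telemetry). Each tuple is
# (record_id, provider_name, message_payload_bytes). Two of the records
# carry high-entropy binary chunks standing in for stored shellcode.
SAMPLE_EVENTS = [
    (101, "ServiceA", b"Service started successfully."),
    (102, "ServiceA", b"Configuration reloaded from default profile."),
    (103, "ServiceB", bytes(range(256)) * 4),            # binary chunk 1
    (104, "ServiceB", bytes(reversed(range(256))) * 4),  # binary chunk 2
    (105, "ServiceA", b"User session ended."),
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; text sits around 4-5, random/packed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def nonprintable_ratio(data: bytes) -> float:
    """Fraction of bytes outside printable ASCII plus tab/CR/LF."""
    if not data:
        return 0.0
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return 1.0 - printable / len(data)


def is_suspicious(payload: bytes, min_len: int = 512,
                  entropy_threshold: float = 6.0,
                  nonprint_threshold: float = 0.3) -> bool:
    """Heuristic: long, high-entropy, mostly non-printable message bodies
    are not normal log text. Thresholds are illustrative assumptions."""
    return (len(payload) >= min_len
            and shannon_entropy(payload) >= entropy_threshold
            and nonprintable_ratio(payload) >= nonprint_threshold)


def scan_events(events):
    """Group flagged records by provider so chunked payloads can be reviewed together."""
    flagged = defaultdict(list)
    for record_id, provider, payload in events:
        if is_suspicious(payload):
            flagged[provider].append((record_id, payload))
    return dict(flagged)


def reassemble(chunks):
    """Concatenate flagged chunks in record order for offline analysis
    (e.g. hashing or submitting to a sandbox); order by record id."""
    return b"".join(payload for _, payload in sorted(chunks))


if __name__ == "__main__":
    hits = scan_events(SAMPLE_EVENTS)
    for provider, chunks in hits.items():
        blob = reassemble(chunks)
        ids = [rid for rid, _ in chunks]
        print(f"{provider}: {len(chunks)} binary record(s) {ids}, "
              f"{len(blob)} bytes reassembled, entropy {shannon_entropy(blob):.2f}")
```

On a real host the record tuples would come from an event log export rather than the constructed list; the scoring logic is independent of the source. Grouping by provider matters because a payload split across several records only becomes meaningful, and hashable, once its chunks are put back in order.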
The earliest instance of this technique dates to September 2021, when the attackers convinced a target to download a .rar archive from a legitimate website. Once this occurred, the archive unpacked .dll Trojan files onto the victim's hard drive. Kaspersky stated that the technique had not previously been seen by security researchers; the novel approach drew their attention and allowed them to investigate the incident and reconstruct the details of the attack.
Read More: Kaspersky uncovers fileless malware inside Windows event logs