Windows on alert for storage of malicious code

Experts have discovered an unusual malware campaign. It uses Windows event logs to store malware.

In addition, attackers use a wide range of techniques, including SilentBreak and CobaltStrike, legal penetration testing tools. The infection chain also includes a full set of helper modules, including those written in Go.

They are used to make it harder to detect last-level Trojans. Previously, experts had not seen the technique of hiding malicious code within Windows event logs. The module of the file downloaded by the victim is responsible for the primary infection of the system.

windows on alert

Some files are signed with a digital certificate to increase your trust. This chain ends with various Trojans for remote control of infected devices. They differ both in how the commands are passed (HTTP or named pipes) and as a whole.

Some versions of Trojans have dozens of these commands. In addition to using two commercial tools at once and a large number of modules, the encrypted shellcode is stored in the Windows event log. Such a technique to hide the presence of malware on the system could be added to the MITER matrix.

Thousands of years later, the myth of the Trojan horse lives on, albeit in an unflattering interpretation. A sophisticated cunning and marvel of Greek engineering has given its name to a group of malicious digital tools whose sole purpose is to discreetly damage victims’ computers.

For the first time, cases of malicious code being stored in Windows logs have been detected

They do this by reading passwords, logging keystrokes, or downloading other malware that can even take over your entire computer. They can do the following:

• data deletion
• data lock
• change data
• copy data
• Disruption of computers and computer networks

Backdoors are one of the simplest yet potentially most dangerous types of Trojans. Such programs can download all kinds of malicious programs on the system, acting as a gateway, and also increase the vulnerability of the computer to attacks.

Backdoors are often used to create botnets, where, without the user’s knowledge, computers become part of a zombie network used for attacks. Furthermore, backdoors allow it to execute malicious code and commands on the device, as well as monitor web traffic.

Exploits are programs that contain data or code that allow you to exploit a vulnerability in an application on your computer. Rootkits are designed to hide certain objects or actions on the system. Its main purpose is to prevent malware from being detected and thus increase its execution time on the infected computer.