Ransomware Goes Fileless, Uses Malicious Documents and PowerShell to Encrypt Files

In October 2019, we encountered a phishing campaign delivering a malicious Microsoft Word document that distributed ransomware with a twist. Unlike most ransomware families, such as GandCrab, WannaCry and RobinHood, the malware ...
Divergent Malware Using NodeJS, WinDivert in Fileless Attacks

Samples of a new malware family called “Divergent” are using both NodeJS and WinDivert in a series of fileless attack campaigns. Cisco Talos didn’t identify the exact delivery method for Divergent. Even ...
Astaroth-Dropper Trojan Hides in Plain Sight

Malware is getting harder to detect. So says an AV vendor, anyway. But here’s a fascinating case study ...
Security Boulevard
Congratulations, You’ve Won a Meterpreter Shell

Posted by Josh Stroschein, Ratnesh Pandey and Alex Holland. For an attack to succeed undetected, attackers need to limit the creation of file and network artifacts by their malware. In this post, ...
Why Fileless Malware Will Continue Its Rapid Expansion

Fileless malware has received a lot of attention lately, and with good reason. In the last year, fileless malware, also commonly referred to as a zero-footprint attack, has successfully infiltrated a number ...
Security Boulevard
Hancitor: fileless attack with a kernel trick

Evading detection when distributing payloads is a key part of an effective malware campaign. Hancitor shows that it has yet another trick up its sleeve for that. Categories: Malware, Threat analysis. Tags: ...

Week in security (February 26 – March 4)

Last week in infosec, cryptomining kept chugging along, exploits were spotted in the wild, and a massive DDoS attack targeted GitHub. Categories: Security world, Week in security. Tags: fileless, german government, malicious cryptomining, torrent, weekly blog ...