- Aug 17, 2014
Read more: Hackers abuse Windows error service in fileless malware attack
An unknown hacking group injected malicious code within the legitimate Windows Error Reporting (WER) service to evade detection as part of a fileless malware attack as discovered by Malwarebytes researchers last month.
Exploiting the WER service in attacks for defense evasion is not a new tactic but, as Malwarebytes Threat Intelligence Team researchers Hossein Jazi and Jérôme Segura said, this campaign is most likely the work of a yet unknown cyber espionage group.
"The threat actors compromised a website to host its payload and used the CactusTorch framework to perform a fileless attack followed by several anti-analysis techniques," the report, shared in advance with BleepingComputer, explains.
The attack was first observed on September 17 after the researchers spotted phishing emails containing a malicious document encased in a ZIP archive.
Full report by researchers: Release the Kraken: Fileless APT attack abuses Windows Error Reporting service - Malwarebytes Labs