Hackers abuse Windows error service in fileless malware attack

silversurfer

An unknown hacking group injected malicious code within the legitimate Windows Error Reporting (WER) service to evade detection as part of a fileless malware attack as discovered by Malwarebytes researchers last month.

Exploiting the WER service in attacks for defense evasion is not a new tactic but, as Malwarebytes Threat Intelligence Team researchers Hossein Jazi and Jérôme Segura said, this campaign is most likely the work of a yet unknown cyber espionage group.

"The threat actors compromised a website to host its payload and used the CactusTorch framework to perform a fileless attack followed by several anti-analysis techniques," the report, shared in advance with BleepingComputer, explains.

The attack was first observed on September 17 after the researchers spotted phishing emails containing a malicious document encased in a ZIP archive.
Read more: Hackers abuse Windows error service in fileless malware attack

Full report by researchers: Release the Kraken: Fileless APT attack abuses Windows Error Reporting service - Malwarebytes Labs
 