fileless malware

Pierluigi Paganini August 15, 2022
A new PyPI Package was found delivering fileless Linux Malware

Security researchers discovered a new PyPI package designed to drop a fileless cryptominer on Linux systems. Sonatype researchers have discovered a new PyPI package named ‘secretslib’ that drops a fileless cryptominer into the memory of Linux machines. The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since […]

Pierluigi Paganini May 07, 2022
Malware campaign hides a shellcode into Windows event logs

Experts spotted a malware campaign that is the first to use a technique of hiding shellcode in Windows event logs. In February 2022, researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. The technique allows hiding a fileless Trojan, the experts also […]

Pierluigi Paganini February 01, 2018
Mining Smominru botnet used NSA exploit to infect more than 526,000 systems

Researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that is using the EternalBlue exploit to infect Windows computers and recruit them into Monero cryptocurrency mining activities. Cyber attacks against the cryptocurrency sector continue; vxers are focusing their efforts on the development of cryptocurrency/miner malware. Recently, security experts observed cryptocurrency miners leveraging the NSA EternalBlue SMB exploit […]

Pierluigi Paganini August 22, 2017
Fileless cryptocurrency miner CoinMiner uses NSA EternalBlue exploit to spread

A new fileless miner dubbed CoinMiner has appeared in the wild; it uses the NSA EternalBlue exploit and the WMI tool to spread. A new strain of cryptocurrency miner dubbed CoinMiner has appeared in the wild and, according to the experts, it is hard to detect and infects Windows PCs via the NSA EternalBlue exploit. CoinMiner is a fileless malware that leverages the WMI […]

Pierluigi Paganini June 16, 2017
New Code-injecting SOREBRECT Fileless Ransomware detected in the wild

The amount of fileless malware continues to increase; recently, security researchers spotted a new fileless ransomware dubbed Sorebrect. Sorebrect is able to inject malicious code into a legitimate system process (svchost.exe) on a targeted system, and it terminates its binary to evade detection. It also makes forensic analysis hard by deleting the affected system’s event logs using […]

Pierluigi Paganini May 20, 2017
UIWIX, the Fileless Ransomware that leverages NSA EternalBlue Exploit to spread

Security experts discovered a new ransomware family, dubbed UIWIX, that uses the NSA-linked EternalBlue exploit for distribution. The effects of the militarization of cyberspace are dangerous and unpredictable. Malicious code developed by a government could create serious problems for Internet users, as demonstrated by the recent massive WannaCry attack, which used the EternalBlue exploit to […]

Pierluigi Paganini May 15, 2017
BAIJIU Malware abuses Japanese Web hosting service to target North Korea

Security researchers from Cylance discovered a new fileless malware dubbed BAIJIU that was used to target North Korea. Security experts believe the threat has a Chinese origin; attackers delivered it through a phishing campaign. “BAIJIU, which evades widespread detection, abuses global concern about the dire humanitarian situation in North Korea. It enters the target environment through an […]

Pierluigi Paganini February 09, 2017
High sophisticated Fileless malware infected 140 companies in 40 countries

More than a hundred banks and financial institutions in 40 countries have been infected with a sophisticated fileless malware that is very hard to detect. Hundreds of banks and financial institutions across the world may have been infected with a sophisticated fileless malware that is hard to detect. The threat was discovered by the experts at […]

Pierluigi Paganini April 23, 2015
Phasebot, the fileless malware sold in the underground

Security experts at Trend Micro have discovered that the Phasebot malware, which also has fileless infection as part of its routine, is being sold online. Phasebot is a strain of malware characterized by fileless infection that is being sold in the criminal underground. In August 2014, experts at GData discovered Poweliks, a persistent malware able to infect machines without installing […]