June 11, 2023

Cybercriminals are now abusing inbuilt legitimate services of Windows to perform fileless attacks. Researchers reveal they use spear-phishing emails to spread a zip file containing a malicious document.

A new attack dubbed Kraken was identified abusing Windows Error Reporting (WER) service as an evasion mechanism.
The attackers target Windows internal service WerFault[.]exe, which is used to report an error that occurs in the Windows OS.

They first compromise a website to host their payload and use the CactusTorch framework to execute a fileless attack accompanied by multiple tricks.

After passing the anti-analysis checks, it loads the final shellcode and creates a new WER thread. The shellcode is hosted on the compromised asia-kotoba[.]net site, where it is planted as a fake favicon.

The attack could not be attributed to any known threat group as there is not enough evidence. However, researchers claim that APT32 previously used some elements used in this attack.

Cybercriminals are getting better at finding new attack techniques to exploit legitimate services, such as WER. Experts suggest users must regularly update anti-malware solutions, update Windows, and deploy a malicious behavior monitoring mechanism.

Tags:

Leave a Reply

You may have missed

VMware Patches Vulnerabilities in Aria

VMware Patches Vulnerabilities in Aria

June 10, 2023
Fractureiser Malware Targets MineCraft

Fractureiser Malware Targets MineCraft

June 10, 2023
MoveIt New SQL Vulnerability ! Patch It

MoveIt New SQL Vulnerability ! Patch It

June 10, 2023
Japanese Pharma Eisai Victim of Ransomware Attack

Japanese Pharma Eisai Victim of Ransomware Attack

June 9, 2023
ACT Government Victim of Barracuda ESG Vulnerability

ACT Government Victim of Barracuda ESG Vulnerability

June 9, 2023
Anonymous Sudan Claims Responsible for Outlook Outages

Anonymous Sudan Claims Responsible for Outlook Outages

June 9, 2023
%d bloggers like this: