
Hackers abuse MSBuild and infect users with info-stealing malware

Cybercriminals are abusing the Microsoft Build Engine (MSBuild) to deliver Remote Access Trojans (RATs) and fileless info-stealing malware.



MSBuild (msbuild.exe) is an open-source, legitimate Microsoft application development platform.

The tool can build applications on any Windows system, provided it is given an XML project file that tells it how to automate the build process (compilation, packaging, testing and deployment).

As the Anomali research team observed, the malicious MSBuild project files delivered in this campaign bundled encoded executables and shellcode that the criminals used to inject the final payloads into the memory of newly spawned processes.
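To show what a defender can look for in a project file of the kind described above, here is an added static triage script (not code from the article, Anomali or Microsoft). It parses an MSBuild project and flags the features the campaign relied on: an inline task declared with a UsingTask/CodeTaskFactory element and an embedded Code body, P/Invoke and memory-API names inside that body, and unusually long encoded blobs. The element and attribute names are real MSBuild schema items; the API name list and the scoring rule are assumptions for triage, and both sample projects are constructed (the "suspicious" one contains only comments and a dummy string, not a working loader).

```python
"""Static triage of MSBuild project files for inline-task payload carriers."""
import re
import xml.etree.ElementTree as ET

# P/Invoke and memory/process API names often present in in-memory loaders.
# Assumed triage list, not an exhaustive or authoritative one.
SUSPICIOUS_APIS = ("DllImport", "VirtualAlloc", "VirtualProtect",
                   "CreateThread", "WriteProcessMemory", "CreateRemoteThread")
# A run of 200+ base64-alphabet characters inside element text.
LONG_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def _local(tag):
    """Strip the XML namespace prefix that ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def inspect_project(xml_text):
    """Return findings for one MSBuild project given as XML text."""
    root = ET.fromstring(xml_text)
    findings = {"inline_tasks": 0, "code_fragments": 0,
                "suspicious_apis": set(), "long_blobs": 0, "reasons": []}
    for el in root.iter():
        name = _local(el.tag)
        text = el.text or ""
        if name == "UsingTask" and "CodeTaskFactory" in el.get("TaskFactory", ""):
            # Inline tasks let a project compile and run code at build time.
            findings["inline_tasks"] += 1
            findings["reasons"].append(f"inline task via {el.get('TaskFactory')}")
        elif name == "Code":
            findings["code_fragments"] += 1
            for api in SUSPICIOUS_APIS:
                if api in text:
                    findings["suspicious_apis"].add(api)
                    findings["reasons"].append(f"inline code references {api}")
        if LONG_BLOB.search(text):
            findings["long_blobs"] += 1
            findings["reasons"].append(f"long encoded blob in <{name}>")
    # Assumed verdict rule: inline code plus API names or blobs is the pattern
    # described in the article; inline code alone still deserves a look.
    if findings["inline_tasks"] and (findings["suspicious_apis"] or findings["long_blobs"]):
        findings["verdict"] = "suspicious"
    elif findings["inline_tasks"]:
        findings["verdict"] = "review"
    else:
        findings["verdict"] = "benign"
    return findings


# Constructed sample: an ordinary project that compiles one source file.
BENIGN_PROJECT = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup><Compile Include="Program.cs" /></ItemGroup>
  <Target Name="Build"><Csc Sources="@(Compile)" OutputAssembly="app.exe" /></Target>
</Project>"""

# Constructed sample: inline task whose body only holds comments and a dummy
# 300-character blob, i.e. the shape of a carrier file without any payload.
SUSPICIOUS_PROJECT = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build"><ConstructedTask /></Target>
  <UsingTask TaskName="ConstructedTask" TaskFactory="CodeTaskFactory"
             AssemblyFile="C:\\Windows\\Microsoft.Net\\Framework\\v4.0.30319\\Microsoft.Build.Tasks.v4.0.dll">
    <Task><Code Type="Class" Language="cs"><![CDATA[
      // constructed placeholder, not a working loader:
      // [DllImport("kernel32")] ... VirtualAlloc ...
      string blob = "__BLOB__";
    ]]></Code></Task>
  </UsingTask>
</Project>""".replace("__BLOB__", "A" * 300)


if __name__ == "__main__":
    for label, proj in (("benign", BENIGN_PROJECT), ("suspicious", SUSPICIOUS_PROJECT)):
        result = inspect_project(proj)
        print(label, "->", result["verdict"], result["reasons"])
```

Run it over any .proj, .csproj or .targets file collected from a mailbox or download directory; a "suspicious" verdict is a reason to pull the file for analysis, not a proof of malice, since legitimate build scripts also use inline tasks.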


"While we were unable to determine the method of distributing the .proj files, the purpose of these files was to load either Remcos or the RedLine Stealer," Anomali analysts said.

Theft of credentials and other sensitive information

The attackers began installing the Remcos RAT, Quasar RAT and RedLine Stealer payloads on their victims' computers last month.


Once these RATs are installed on a targeted system, they can be used to record keystrokes, steal credentials, take screenshots and even disable antivirus software, persist on the system for long periods and take full remote control of the device.

Info-stealing malware scans for web browsers, messaging applications and VPN and cryptocurrency software to steal users' credentials.

RedLine Stealer can also collect system information, cookies and crypto wallet information from configuration files and app data stored on victims' devices.


Fileless delivery helps evade detection

Using Microsoft's legitimate MSBuild tool allows the attackers to evade detection while loading their malicious payloads directly into the memory of a targeted computer.


These attacks are detected by very few antivirus engines, if any.

According to a security report, fileless malware delivery has increased significantly since 2020.

Anomali stressed that criminals used fileless malware to bypass security systems.

"This campaign highlights that relying solely on anti-virus software is not enough for cyber defense".
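Since the article's point is that a fileless MSBuild launch leaves little for file-based antivirus to scan, the telemetry to watch is process creation. The following is an added detection check (not from the article, Anomali or Microsoft) that evaluates process-creation records for msbuild.exe being started by a non-development parent or being handed a project file from a user-writable directory. The records are constructed in a simplified key=value form; the field names mirror Sysmon Event ID 1 (Image, ParentImage, CommandLine), but the events, the parent list and the path markers are assumptions for illustration.

```python
"""Flag msbuild.exe launches that do not look like a normal build."""
import re
from pathlib import PureWindowsPath

# Directories a developer build would not normally run from (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\",
                 "\\users\\public\\", "\\programdata\\")
# Parents that have no business spawning a build engine (assumed list).
ODD_PARENTS = {"winword.exe", "excel.exe", "outlook.exe",
               "wscript.exe", "cscript.exe", "mshta.exe"}
# Extensions MSBuild accepts as a project or targets file.
PROJECT_EXT = {".proj", ".csproj", ".vbproj", ".targets", ".xml"}


def parse_record(line):
    """Parse a constructed 'Key=Value|Key=Value' record into a dict."""
    return dict(part.split("=", 1) for part in line.split("|") if "=" in part)


def project_file_from_cmdline(cmdline):
    """Return the first command-line argument that looks like a project file."""
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', cmdline):
        arg = quoted or bare
        if PureWindowsPath(arg).suffix.lower() in PROJECT_EXT:
            return arg
    return None


def evaluate(record):
    """Return the reasons a record looks like MSBuild abuse (empty if none)."""
    image = PureWindowsPath(record.get("Image", "")).name.lower()
    if image != "msbuild.exe":
        return []
    reasons = []
    parent = PureWindowsPath(record.get("ParentImage", "")).name.lower()
    if parent in ODD_PARENTS:
        reasons.append(f"parent process {parent} is not a build tool")
    proj = project_file_from_cmdline(record.get("CommandLine", ""))
    if proj and any(marker in proj.lower() for marker in USER_WRITABLE):
        reasons.append(f"project file in user-writable path: {proj}")
    return reasons


def scan(lines):
    """Map record index -> reasons for every record that raised at least one."""
    flagged = {}
    for i, line in enumerate(lines):
        reasons = evaluate(parse_record(line))
        if reasons:
            flagged[i] = reasons
    return flagged


# Constructed events: a normal IDE build, a script host launching a project
# from Temp, and an unrelated process.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    r"|ParentImage=C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe"
    r"|CommandLine=MSBuild.exe C:\src\app\app.csproj /t:Build",
    r"Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    r"|ParentImage=C:\Windows\System32\wscript.exe"
    r"|CommandLine=MSBuild.exe C:\Users\bob\AppData\Local\Temp\update.proj",
    r"Image=C:\Windows\System32\notepad.exe"
    r"|ParentImage=C:\Windows\explorer.exe"
    r"|CommandLine=notepad.exe",
]


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: " + "; ".join(reasons))
```

The same two conditions translate directly into a SIEM rule; the value of a code version is that it can be run over exported telemetry to tune the parent and path lists against a site's real build activity before the rule goes live.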

Source: Bleeping Computer
