Cybercriminals turn to ‘fileless’ malware for attacks
Kaspersky Lab said that a simple teaser of Internet news headlines was the launch-pad for this unique malware attack.
Security experts from Kaspersky Lab uncovered a hidden attack by cybercriminals who created a malicious code which operated without creating files on the infected system.
Kaspersky said that a simple teaser of Internet news headlines was the launch-pad for this unique malware attack on popular Russian news sources, and warned that similar attacks could be used to target users outside of Russia.
“We are dealing with a unique attack. A teaser network used by cybercriminals is one of the most effective ways to install a malicious code, as many popular resources contain links to it,” said Aleksander Gostev, Kaspersky Lab’s Chief Security Expert. “Moreover, for the first time in recent years, we faced a rare type of malware, the so-called ‘bodiless’ malware which does not exist as a file on the drive but appears in the operating memory of the infected machine, making its detection much more complicated. This incident was targeting Russian users.”
He warned that the same exploit and bodiless bot may well be used against users in other countries as they can be distributed via similar foreign banner and teaser networks. At the same time it is highly probable that not only Lurk Trojan, but also other malware, is used for these purposes.
The investigation by Kaspersky Lab showed that Russian media websites using the AdFox teaser system on their pages unwittingly infected visitors to their pages. While downloading the news teaser, the user’s browser was secretly redirected to a malicious website containing a Java-exploit.
However, unlike standard drive by-attacks, the malicious program was not loaded to the hard drive, but appeared only in the operating memory of the computer, making it much more complicated to track it down using anti-virus solutions.
- Battling Cyber Risks With Intelligent Automation
- Cyber GCCs In India At The Cusp Of Transformation
- Firms Unable To Cope With Security Skill Gap, Vendor Sprawl: Study
- Indians Lack Awareness Of Malicious Cryptomining: Study
- Iris Global On Expansion Spree; Ventures Into India's Cyber Security Biz
- Firms Yet To Adopt AI-ML To Improve Cyber Resilience
- NIC Steps Up Its Efforts To Hire More Cyber Security Pros
- GDPR Law Boosts Cyber Security Jobs in India: Study
- When Securing Customer Loyalty Becomes Critical
- What's Stopping CEOs From Meeting Growth Targets