Microsoft experts warned users about an active malicious campaign to infect computers with Astaroth malware, which is difficult to detect with familiar security solutions.
The Windows Defender ATP development team, a commercial version of the Windows Defender antivirus product, discovered the campaign.“Our experts suspected something was wrong after the discovery of a sharp surge in the use of the Windows Management Instrumentation Command-line (WMIC) tool”, – says team member Andrea Lelli.
WMIC is a legitimate tool in modern versions of Windows, but a sudden increase in its use clearly indicated a malicious campaign. Looking closed, experts discovered a large-scale operation to send fishing emails with a link to the website containing the .LNK file.
At the final stage of the attack on the system was downloaded Astaroth malware, which is an infostealer for stealing credentials for a number of applications. The first attacks with its use were discovered in 2018. In February of this year, malware attacked users in Europe and Brazil.
Microsoft experts have fixed a new campaign in May and June. Over 95% of all affected users live in Brazil.
Read also: The new version of the Dridex banker slipping from antiviruses
As noted by Lelly, at any stage of the attack are not used files that would be saved in the system. This type of attack, when only tools that are already present on the system are used, is called “living off the land”. Over the past three years, attacks of this type are being used more and more, forcing manufacturers of antivirus solutions to develop new ways to detect them.
“Using invisible techniques and being actually invisible are two different things. Being invisible may help you for some things, but you should not be under the illusion that you are invincible. The same applies to fileless malware: abusing fileless techniques does not put malware beyond the reach or visibility of security software. On the contrary, some of the fileless techniques may be so unusual and anomalous that they draw immediate attention to the malware”, — argues Andrea Lelli.
Additionally, Microsoft expert calls for the use of advanced developments in the field of detection of viruses and malware, until they managed to cause maximum damage.
