New Malware Hides in Windows Event Logs to Escape Detection

Security researchers have identified a new cyberattack campaign that uses a malicious agent capable of storing malware inside Windows event logs, from where it is used in digital scams.

The most worrying aspect of this attack is that the malware stored in the event log is fileless and is delivered by several deployment modules that keep its activity as stealthy as possible. Kaspersky, the security company responsible for detecting the samples, identified them through behavioral analysis of the affected computers.
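One defensive check that follows from the description above, written as an added example rather than anything from the article or from Kaspersky's report: scan exported event records for message fields that carry long, high-entropy hex blobs, which is what an embedded binary payload looks like once it sits in a text log. The record fields, thresholds and sample events are all constructed assumptions; on a real host the records would come from an evtx export.

```python
import math
import re
from collections import Counter

# A run of at least 32 hex-encoded bytes (64 hex chars) with no separators.
HEX_RUN = re.compile(r"(?:[0-9a-fA-F]{2}){32,}")

# Constructed sample records (assumed shape; not data from the page).
# Record 3 carries a 256-byte blob in which every byte value appears once.
_BLOB = bytes((i * 73 + 19) % 256 for i in range(256)).hex()
SAMPLE_EVENTS = [
    {"id": 1, "source": "Service Control Manager",
     "message": "The Windows Update service entered the running state."},
    {"id": 2, "source": "Kernel-General",
     "message": "Session ID: 0x1a2b3c4d started. Padding: " + "00" * 40},
    {"id": 3, "source": "CustomSource", "message": "Payload: " + _BLOB},
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def suspicious_blobs(message: str, min_bytes: int = 32, min_entropy: float = 6.0):
    """Return hex blobs in a message whose decoded bytes look like packed code.

    Low-entropy runs (zero padding, repeated markers) are deliberately skipped.
    """
    hits = []
    for match in HEX_RUN.finditer(message):
        blob = bytes.fromhex(match.group(0))
        ent = shannon_entropy(blob)
        if len(blob) >= min_bytes and ent >= min_entropy:
            hits.append({"offset": match.start(), "size": len(blob),
                         "entropy": round(ent, 2)})
    return hits


def scan_events(events):
    """Flag records whose message carries at least one high-entropy hex blob."""
    flagged = []
    for ev in events:
        hits = suspicious_blobs(ev["message"])
        if hits:
            flagged.append({"id": ev["id"], "source": ev["source"], "blobs": hits})
    return flagged
```

Hex is only one encoding an attacker might pick; the same entropy filter applies after base64 decoding, and thresholds should be tuned against a baseline of the host's own benign logs.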

After investigating the samples, the company determined that this malware is part of a campaign with very clear targets and no mass distribution. The malicious code is executed via DLL hijacking, in which the malware exploits insufficient checks to substitute itself for legitimate processes, using the SilentBreak tool.

Technical example of running SilentBreak and DLL hijacking. (Image: Reproduction/Kaspersky)

In most cases, malware of this kind is deployed on machines to steal data from victims. Kaspersky found no relationship between this malicious agent and any known cyber-threat group, which led to its classification as unique and to the researchers naming it SilentBreak, the same name as the tool used in the scam.

Finally, at least so far, Kaspersky has not released security recommendations for this particular threat; in its public report on the discovery it states that it is continuing to study the situation.
