Cybercriminals Abuse Built-in Services to Target Windows | Cyware Alerts

Cybercriminals are now abusing legitimate built-in Windows services to perform fileless attacks. Researchers report that the attackers use spear-phishing emails to deliver a zip file containing a malicious document.

The process

A new attack dubbed Kraken was identified abusing the Windows Error Reporting (WER) service as an evasion mechanism.
  • The attackers target the internal Windows service WerFault[.]exe, which is used to report errors that occur in the Windows OS.
  • They first compromise a website to host their payload and use the CactusTorch framework to execute a fileless attack accompanied by multiple tricks.
  • After passing the anti-analysis checks, the attack loads the final shellcode and creates a new WER thread. The shellcode is hosted on the compromised asia-kotoba[.]net site, where it is planted as a fake favicon.
  • The attack could not be attributed to any known threat group because there is not enough evidence. However, researchers claim that APT32 previously used some of the elements seen in this attack.

Recent attacks

This is not the first incident in which cybercriminals have abused a legitimate Windows service to perform malicious actions.

  • Last month, researchers discovered that the Microsoft Windows TCP/IP Finger command could be used or exploited to function as a file downloader.
  • In August, WastedLocker ransomware was seen abusing the internal working procedure of Windows cache memory to bypass behavior-based anti-malware tools.


Cybercriminals are getting better at finding new attack techniques that exploit legitimate services, such as WER. Experts suggest that users regularly update anti-malware solutions, update Windows, and deploy a mechanism for monitoring malicious behavior.
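
As an illustration of the behavior monitoring recommended above, the following added example (not from the researchers or from Cyware) flags process-creation events that match the WerFault.exe and Finger abuse described in this alert. The Sysmon-style field names, the sample events, the parent list and the heuristics themselves are assumptions made for the example.

```python
import ntpath

# Assumption: these hosts have no routine reason to start finger.exe, and when a
# crashing Office app starts WerFault.exe it passes arguments.
SUSPECT_PARENTS = {"winword.exe", "excel.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def arguments(command_line):
    """Everything after the (possibly quoted) executable in a command line."""
    cl = (command_line or "").strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        return cl[end + 1:].strip() if end != -1 else ""
    parts = cl.split(None, 1)
    return parts[1].strip() if len(parts) > 1 else ""

def findings(event):
    """Return the reasons a process-creation event deserves a closer look."""
    image, parent = base(event.get("Image")), base(event.get("ParentImage"))
    reasons = []
    # Assumption: genuine error reporting starts WerFault.exe with arguments.
    if image == "werfault.exe" and not arguments(event.get("CommandLine")):
        reasons.append("WerFault.exe started without arguments")
    # Assumption: the Finger client is rarely needed on current Windows hosts.
    if image == "finger.exe":
        reasons.append("finger.exe executed")
    if reasons and parent in SUSPECT_PARENTS:
        reasons.append("parent is a document or script host: " + parent)
    return reasons

def scan(events):
    """Map event index -> reasons, for flagged events only."""
    return {i: r for i, ev in enumerate(events) if (r := findings(ev))}

# Constructed sample events (Sysmon Event ID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WerFault.exe", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\WerFault.exe -u -p 4312 -s 1820"},
    {"Image": r"C:\Windows\SysWOW64\WerFault.exe", "CommandLine": r"C:\Windows\SysWOW64\WerFault.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\finger.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "finger.exe user@host.example"},
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS).items():
        print(index, "; ".join(reasons))
```

These heuristics produce leads for triage rather than verdicts, so they should be tuned against a baseline of normal process activity before being used for alerting.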
