New Malware Uses Novel Fileless Technique to Evade Detection

Dark Reading

Researchers recently uncovered a new memory-resident malware family and installer that they say employ a unique and stealthy approach to hide from threat detection tools.

FireEye’s Mandiant advanced practices team — which named the malware PRIVATELOG and its installer, STASHLOG — says it has not observed the malware on any customer networks, nor has the vendor recovered any second-stage payloads the malware may have launched. Still, the malware is noteworthy because of the novel technique it uses to try to reside undetected in memory on infected systems, according to the security vendor.

Fileless — or memory-resident — malware typically executes in memory, unlike malware that writes payloads to disk and therefore is more easily detected via antivirus tools.

“These fileless techniques do not write directly to disk in the traditional sense but utilize Windows storage containers, such as the Windows registry, to house the payload,” says Blaine Stancill, senior

The post New Malware Uses Novel Fileless Technique to Evade Detection first appeared on Dark Reading.
